Note: This Procedure is the same for Exchange 2007.
If you are having a problem with spam, the Exchange agents are no replacement for a proper anti-spam solution, but they are better than nothing. By default they don’t install unless you are installing an “Exchange Edge Transport Server”. For most SMB clients that’s not an option, but there’s nothing to stop you installing the agents on your “Stand Alone” Exchange box.
Solution
Note: You can also enable and disable the Anti-Spam features with the following PowerShell commands (you still need to restart the transport service afterwards).
Out of the box Evolution can only connect to Exchange 2000 and Exchange 2003. This is because it uses OWA to connect, and when Exchange 2007 was released the way OWA was presented changed a great deal, so if you try to connect to a newer version of Exchange it will error. (Before you email in, I know in 2010 it’s now called Web App, not OWA.)
But there’s nothing to stop you connecting to Exchange 2007 and Exchange 2010 via MAPI; you just have to add a few packages first.
I originally wrote this a while back for version 10, but I’ve updated it for version 11.10. I’ve left the earlier version 10 notes below.
Solution
Ubuntu Version 11.10
1. If Evolution is not already installed, Launch the Ubuntu Software Manager and search for Evolution > Install.
2. You will need to enter your password.
3. After a few minutes it should get a green tick to say it’s been installed.
4. In addition you need to locate and install the “Evolution support for the groupware suite”.
7. You can restore from a backup, but I’ve not got one > Continue.
8. Type in your name and email address > Continue.
9. Now change the server to “Exchange MAPI” > Give it the name/IP of your Exchange server and your domain details > Authenticate > Enter your domain password > And it should say successful > Continue.
10. Set your email account requirements > Continue.
11. Give the account a name, by default it will be your email address, but you can change it > Continue.
12. Apply.
13. Before Evolution launches it will ask for your domain password (Mine never changes so I’m ticking the remember password option, you might NOT want to do this) > And I’m setting Evolution as the default email client.
14. And there is my inbox.
15. And it will pull down the GAL from Exchange, as well as your personal contacts.
16. After a short while it will also sync and display your Exchange calendar.
In this example I’m using Ubuntu version 10
1. First you need to add in the “evolution-mapi” package > System > Administration > Synaptic Package Manager. (You may need to provide a password to proceed).
2. Locate the “evolution-mapi” package.
3. Mark it for installation.
4. You may have to agree to install some dependent packages > do so.
5. Ensure that evolution-mapi is now ticked and click “Apply”.
6. The packages will download and install.
7. Now you can launch Evolution > It should run the “Setup Assistant” > Forward. (Note: If you’re adding an additional account simply open Evolution > Edit > Preferences > Mail accounts > Add).
8. We are not restoring > Forward.
9. Type in your name and email address, this is going to be our default account so leave the default option ticked > Forward.
10. Change the server type to “Exchange MAPI” > Enter the server name/IP address, your domain user name, and the name of the domain > Authenticate.
11. Enter the correct password for your domain account, tick the option to remember the password (Note: if your domain password changes often you might not want to do that) > OK.
12. All being well, you should see a successful result > OK > Forward.
13. Set the options as you require, these would be my personal preference > Forward.
14. Give the mail account a sensible name > Forward.
15. After a couple of minutes there’s your mailbox.
16. And your Exchange 2010 Calendar sync’d.
17. And your contacts and address lists. (Note: The Exchange Global Address List, can take a couple of restarts before it starts to sync properly).
Related Articles, References, Credits, or External Links
When attempting to move a mailbox (usually during a migration), you see the following error.
The following error(s) occurred while saving changes
Set-Mailbox Failed
Error:
Active directory operation failed on (username} This error is not retriable. Additional
information: Insufficient access rights to perform the operation.
Active Directory response: 00002098: SecErr: DSID-013150BB9, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Solution
1. On a domain controller launch “Active directory users and computers” > View > Advanced options.
2. Locate the user with the problem mailbox, right click > Properties > Security Tab > Advanced > Tick “Include inheritable permissions from this object’s parent” > Apply > OK.
3. Try and move the mailbox again, (in some cases you may need to delete the move request from within Exchange System Manager before it will retry).
Particularly after a migration this can continue to be a problem, you can stop it on a domain wide basis by doing this.
If you have a user password that has expired, or you have set the password to be changed at next logon, then this can cause your remote users a problem. Providing they have access to OWA, they can now (Post Exchange 2010 SP1) reset the passwords themselves.
Note: It is possible to log in with an OLD PASSWORD when accessing OWA; this will happen for approximately 15 minutes (Special thanks to Jason K. Roberts). For more information see,
Seen when attempting to install Service Pack 3 on Exchange 2007, on a server that’s also running Symantec Backup Exec.
Hub Transport Role Prerequisites
Error:
Setup cannot continue with the upgrade because the 'beremote' () process (ID: xxxx)
has open files. Close the process and restart Setup.
Client Access Role Prerequisites
Error:
Setup cannot continue with the upgrade because the 'beremote' () process (ID: xxxx)
has open files. Close the process and restart Setup.
Mailbox Role Prerequisites
Error:
Setup cannot continue with the upgrade because the 'beremote' () process (ID: xxxx)
has open files. Close the process and restart Setup.
Solution
1. First make sure you are not currently running any backups with Backup Exec.
2. Click Start > In the Search/Run box type services.msc {enter} > The services console will open.
3. Locate the “Backup Exec Remote Agent for Windows” Service > Right Click and stop it. (Note: In the example above I’ve stopped all the Backup Exec Services, just to be on the safe side).
4. Now try again to install the service pack.
Seen when manually trying to update the Global Address List, with the following powershell command:
[box]Update-GlobalAddressList -Identity 'Default Global Address List'[/box]
Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/{A Public Folder Name}” is invalid and couldn’t be updated.
or
Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 2” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 3a” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/Offline Address Book – /o={your domain name}V/cn=addrlists/cn=oabs/cn=123” is invalid and couldn’t be updated.
This is commonly seen when an Exchange environment has been migrated from Exchange 2003. And it happens because the Alias names for the particular public folders have spaces in them (or a character that Exchange does not like).
Solution
1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Toolbox > Public Folder Management Console.
2. If your error is about OAB / Address books skip to step 5. If it’s to do with a public folder that your organisation has created, expand default public folders and locate one of them that’s causing the error (in the example above I’ve highlighted one called “1045 – Greengairs”) > Select its parent > Then select it (in the central pane) and open its properties.
3. As soon as you select the “Exchange General” tab, you will get an error popup which indicates the problem: there is a problem with the Alias name. In this example there are spaces in it, so remove them.
Error: The properties on this object have invalid data. If you click OK, default values will be used instead and will be saved if you do not change them before hitting Apply or OK on the property page. If you click cancel, the object will be displayed read-only and corrupted values will be retained.
4. Once removed apply the changes.
5. If your error references OAB or address books, expand system Public Folders > OFFLINE ADDRESS BOOK > Check the properties of ALL its child objects > and on the Exchange General tab remove any spaces or unusual characters.
What used to be a fiddly job is now very simple to do: setting up Outlook Anywhere (formerly known as RPC over HTTP) takes about 10 minutes.
What is Outlook Anywhere?
This is a system that lets you connect Microsoft Outlook to your Exchange server over the web. This means you can connect to your email, calendaring and tasks etc., without the need for a VPN connection.
Solution
Outlook Anywhere with Exchange 2007 (Exchange 2010 Skip to Step 1)
If you plan to deploy Outlook Anywhere with Exchange 2007 there is an additional step you need to carry out before you start. From Server Manager > Features > Add Features > Add in the ‘RPC over HTTP Proxy’ feature. (Note: you DON’T need to do this if you are running SBS 2008).
Step 1 Configure Exchange
1. First we need to turn it on: from within the Exchange Management Console, expand Server configuration > Client Access > Select the server in the central pane > Select “Enable Outlook Anywhere” in the action pane.
2. Enter the publicly addressable name of your Exchange server, for this example I’m using NTLM authentication > Enable.
Note: The external host name is the address that you would type into a browser to contact the Exchange server i.e. for Outlook Web Access http://mail.domaina.com/owa. This would mean the public name is mail.domaina.com. This name must be the Common Name (CN) on the Exchange server’s digital certificate.
3. Take heed of the information, nothing’s going to work for 15 minutes (Even Exchange is telling you to apply the cup of coffee rule) > Go and have a hot milky beverage.
4. Look at the timestamps and the clocks, this one took 14 minutes (for once the dialog had it spot on!) You should see Event ID 3007, 3003, 3004 (all these are normal), and finally,
5. Event ID 3006 > Outlook Anywhere is up and running on the server. (Note: you will NOT see this on an Exchange 2007 Server, see the second screenshot).
Note: To access from outside your network the public name of the Exchange server (in this case mail.domain.com), needs TCP port 443 (HTTPS) open to it, or “Port Forwarded” to the Exchange server.
Note2: To work internally make sure that mail.domaina.com resolves to the INTERNAL IP address of the Exchange server.
6. You may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.
[box]Set-WebServicesVirtualDirectory -Identity 'EXCHANGE-MAIL\EWS (Default Web Site)' -ExternalUrl https://mail.domain.co.uk/ews/exchange.asmx[/box]
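A check for the rule in the note under step 2 (the external host name must be the Common Name on the Exchange server's certificate), as an added example that is not part of the original article. It assumes a single Client Access server and that it is run in the Exchange Management Shell on that server; the function name is hypothetical.

```powershell
# Added example, not from the original article. Run in the Exchange Management
# Shell on the Client Access server. The function name is hypothetical.
function Test-OutlookAnywhereCertName {
    # Certificates enabled for IIS are the ones Outlook sees over HTTPS (TCP 443).
    $iisCerts = @(Get-ExchangeCertificate |
        Where-Object { $_.Services.ToString() -match 'IIS' })

    foreach ($oa in @(Get-OutlookAnywhere)) {
        # Nothing to compare if no external host name has been set yet.
        if (-not $oa.ExternalHostname) { continue }
        $externalName = $oa.ExternalHostname.ToString()

        foreach ($cert in $iisCerts) {
            # Pull the Common Name out of a subject such as "CN=mail.domaina.com, O=..."
            $cn = ''
            if ($cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }

            $cert | Select-Object Thumbprint,
                @{Name='ExternalHostname'; Expression={ $externalName }},
                @{Name='CommonName';       Expression={ $cn }},
                @{Name='NameMatches';      Expression={ $cn -ieq $externalName }},
                @{Name='Expired';          Expression={ $_.NotAfter -lt (Get-Date) }}
        }
    }
}

# A row with NameMatches = False breaks the rule in the note above;
# a row with Expired = True needs a renewed certificate.
Test-OutlookAnywhereCertName | Format-Table -AutoSize
```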
Step 2 Configure Outlook for Outlook Anywhere
1. In this example I’m using Outlook 2010 and the mail profile/account has NOT been setup, if you already have an account edit it, select “More Settings” and jump to number 4.
Note: To support Outlook Anywhere you need a minimum of Outlook 2003 SP2
2. If you are setting up your Outlook client internally, the autodiscover service should fill in the details for you.
3. If it auto configures the settings for you, tick the box to manually configure server settings.
4. More Settings.
5. Connection Tab > Tick “Connect to Microsoft Exchange Server using HTTP” > Click “Exchange Proxy Settings”.
6. Put in the URL (Public name of Exchange – see step 1 number 2) > I’m using NTLM authentication, you may be using basic. If you don’t know, check with your IT department, or try each one.
7. Security Tab > Ensure “Encrypt data between Microsoft Outlook and Microsoft Exchange” is selected.
8. Restart Outlook – you may be asked for your username and password again this is normal.
I’ve already covered migration from 2003 here, I got an email today {Thanks Ashley :)} to say that when they tried to migrate the address policies from 2003 to 2010 using this command:
[box]Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"} | Set-EmailAddressPolicy -IncludedRecipients AllRecipients[/box]
They got the following error;
Error on Exchange 2010
Set-EmailAddressPolicy : The recipient policy “Default Policy” with mailbox manager settings cannot be managed by the current version of Exchange Management Console. Please use a management console with the same version as the object.
Error on Exchange 2007
The recipient policy “Default Policy” with mailbox manager settings cannot be managed by the current version of Exchange Management Console. Please use a management console with the same version as the object.
Solution
This happens because in your Exchange 2003 environment there is a Mailbox Manager Policy that’s been tied to the recipient update policy.
Option 1 (If you have access to the 2003 Exchange Management Console)
1. On your Exchange 2003 Server Launch the Exchange Management Console > Recipients > Recipients Policies > You may have more than one, if so repeat this process with each one > Right click > Change Property Pages > Make sure “Mailbox Manager Settings” is NOT TICKED. (If it is, untick it and re-run the command above).
Option 2 (If you DO NOT have access to the 2003 Exchange Management Console)
1. From within ADSIEdit (Install the support tools if you can’t find it) > Configuration > CN=Configuration… > CN=Services… > CN=Microsoft Exchange… > CN={Your Exchange Org} > CN=Recipient Policies > Right click CN=Default Policy > Properties.
2. Locate the msExchPolicyOptionList attribute > Edit > Remove the entry that’s called “0xec 0x13 0x68 0x3b 0x89 0xce 0xba 0x42 0x94… (Mailbox Manager Settings)” > OK > Apply > OK.
With Exchange 2003 tarpitting was turned on post SP2 with a registry hack, with newer versions of Exchange it is enabled by default.
What is Tarpitting?
This is a method to stop a mail sender sending you multiple mail requests. It was designed to stop miscreants from carrying out either of the following:
Directory Harvest Attack: Attempting to find out legitimate email addresses on your email server by sending emails to loads of randomly generated names that might exist on your Exchange Server. If they get an NDR back they know the address does not exist; if they do not get an NDR they will log that address and start sending spam to it.
NDR attack: Essentially a denial of service on your mail server. This can be a result of a Directory Harvest Attack, insofar as your outbound mail queues fill up with thousands of NDRs and the server slowly grinds to a halt.
To stop this from happening we have a system called Tarpitting, which stops a remote sender from sending multiple emails one after the other. It imposes a time limit between emails from a sender (5 seconds by default). The net result of this is that it’s far too expensive and time consuming to attack you, so the spammers and script kiddies will go elsewhere.
Solution
To find out what your tarpitting settings are
1. As said above the default setting for all receive connectors is 5 seconds. To verify yours is still set the same way as it was when you installed, issue the following command;
2. Above you can see all the receive connectors are set to 5 seconds.
To disable Tarpitting for all Receive Connectors
1. Tarpitting is a good thing and should be enabled so normally I’d only advocate doing this so you can test/troubleshoot a problem. Issue the following command;
2. Now the Default connector (Default DC2A) is set to 10 seconds and the rest remain at 5 seconds.
To disable Tarpitting for specific Receive Connectors
1. As said above tarpitting is a good thing and should be enabled, so normally I’d only advocate doing this so you can test/troubleshoot a problem. Issue the following command;
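To confirm that no connector has been left with tarpitting switched off after troubleshooting, the audit below (an added example, not the commands from the original article) lists every receive connector's tarpit interval and flags any that differ from the 5 second default. It assumes the Exchange Management Shell on Exchange 2007/2010; the function name is hypothetical.

```powershell
# Added example, not from the original article. Run in the Exchange Management
# Shell. The function name is hypothetical; 5 seconds is the default the
# article describes.
function Get-TarpitAudit {
    param([TimeSpan]$Expected = [TimeSpan]::FromSeconds(5))

    Get-ReceiveConnector | ForEach-Object {
        # TarpitInterval prints as hh:mm:ss; parse it into a plain TimeSpan
        # so it can be compared directly.
        $interval = [TimeSpan]::Parse($_.TarpitInterval.ToString())

        if     ($interval -eq [TimeSpan]::Zero) { $status = 'DISABLED' }
        elseif ($interval -eq $Expected)        { $status = 'Default'  }
        else                                    { $status = 'Changed'  }

        $_ | Select-Object Identity,
            @{Name='TarpitSeconds'; Expression={ $interval.TotalSeconds }},
            @{Name='Status';        Expression={ $status }}
    }
}

# Report every connector.
Get-TarpitAudit | Format-Table -AutoSize

# Put connectors left at zero back to the default once testing is finished.
# -WhatIf only shows what would change; remove it to apply.
Get-TarpitAudit | Where-Object { $_.Status -eq 'DISABLED' } | ForEach-Object {
    Set-ReceiveConnector -Identity "$($_.Identity)" -TarpitInterval 00:00:05 -WhatIf
}
```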
A distribution group is an active directory group, that has a shared email address. A security group can also have an email address, but unlike a distribution group a security group can be granted permissions to objects e.g. public folders, calendars etc.
A distribution group is used for sending mail to groups of people, like the engineering group or the sales group for example.
Solution
1. On the Exchange server launch the Exchange System Manager > Expand Recipient Organization > Distribution Groups > Select either “New Distribution Group” from the action menu or right click and select.
2. I’m going to create a new one, if you want you can select “Existing group” and browse your active directory for a group you would like to add an email address for > Next.
3. You can also create a mail enabled security group here, but we are going to stick with a simple distribution group > Give the group a name, and an email alias > Next.
Note: You can also specify which OU you want to create the group in here.
4. New.
5. Finish
6. Right click your new group > Properties.
7. Members > Add > Add in as appropriate.
Allow a Distribution Group to Accept Mail from EXTERNAL addresses.
By default a new distribution group cannot accept mail from outside your organisation. To change that, select the “Mail Flow Settings” tab > Double click “Message Delivery Restrictions” > UNTICK “Require that all senders are authenticated” > OK > Apply.
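Every group with that box unticked can be mailed by anyone on the internet, so it is worth keeping a list of them. The audit below is an added example, not part of the original article; it assumes the Exchange Management Shell on Exchange 2007/2010, and the function name is hypothetical.

```powershell
# Added example, not from the original article. Run in the Exchange Management
# Shell. The function name is hypothetical.
function Get-ExternallyOpenGroup {
    Get-DistributionGroup -ResultSize Unlimited |
        # RequireSenderAuthenticationEnabled is the shell name for the
        # "Require that all senders are authenticated" tick box.
        Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
        ForEach-Object {
            $group = $_
            # The member count shows how many mailboxes one external
            # message to this address will reach.
            $members = @(Get-DistributionGroupMember -Identity "$($group.Identity)" -ResultSize Unlimited)

            $group | Select-Object Name, PrimarySmtpAddress, GroupType,
                @{Name='MemberCount'; Expression={ $members.Count }}
        }
}

# Largest groups first: these deliver the most copies of an unwanted message.
Get-ExternallyOpenGroup | Sort-Object MemberCount -Descending | Format-Table -AutoSize

# To close a group again once external delivery is no longer needed
# ('Sales' is a placeholder name; -WhatIf previews the change):
Set-DistributionGroup -Identity 'Sales' -RequireSenderAuthenticationEnabled $true -WhatIf
```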