Like most of us I spend my working day based around Outlook calendar meetings and entries, I’ve even got birthdays and anniversaries in there. So recently when the notification pop-ups stopped working, it was a potential problem. Occasionally I could hear the notification ‘sound’, but I had to open outlook and change to the notification window to see them. When you are as absent minded as me, that’s a recipe for disaster.
I don’t know if it was a macOS update or a Microsoft Office update that had broken it, (or if I’d done something stupid myself!).
Solution
I tried a few solutions but this is the only one that worked. Click the ‘Apple Icon’ (top left) > System Preferences > Notifications > Scroll down and select Outlook > On your keyboard press the ‘Delete/Backspace’ key, to remove Outlook > Close system preferences.
If Outlook is open close it > Open Outlook > At the notification prompt > Click ‘Allow’.
The problem ceased.
Related Articles, References, Credits, or External Links
While trying to connect Outlook (2016) to an Office 365 email account;
We can’t connect you
It looks like we can’t connect you to one of our services the moment. Please try again later, or contact your helpdesk if the issue persists.
0xCAA70010
{ADFS-URL}
Solution
This was happening because my ADFS server was using a ‘self-signed’ certificate (i.e. not a purchased one). This should NEVER be done in a production environment, but this is my test network, (so I refuse to spend money on certificates for testing etc!)
I cured the problem by simply importing/trusting the CA Certificate from my internal Certificate Services CA server, (that issued the ADFS servers certificate).
If you see this on a production server, with a publicly signed certificate, check that the ‘problem’ client does not need a Windows Update, to update its trusted CA Certificates, or that your certificate simply hasn’t expired, and you ‘forgot’ to renew it. If so;
There are plenty of reasons for wanting to look at a message header, to see where a mail has come from or from which email address it was sent for example. Different versions of Outlook have different methods of letting you read the email header.
Solution
Display Message Headers with Outlook 2013
1. Open the mail in question and select ‘file’.
2. Info > Properties.
3. Your message headers are displayed.
Display Message Headers with Outlook 2010
1. Open the mail in question and select ‘file’.
2. Info > Properties.
3. Your message headers are displayed.
Display Message Headers with Outlook 2007
1. Option 1: Open the mail in question, and select the expand icon next to ‘Options’.
2. Option 2: From the inbox right click the relevant message and select ‘Message Options’.
3. Your message headers are displayed.
Display Message Headers with Outlook 2003
1. Option 1: Open the mail in question > View > Options.
2. Option 2: From the inbox right click the relevant message and select ‘Options’.
3. Your message headers are displayed.
Related Articles, References, Credits, or External Links
Last week I had a client report that ‘some’ of his users were getting this popup repeatedly, every time they launched Outlook.
The Microsoft Exchange administrator has made a change that requires you quit and restart Outlook
This popup is usually seen during migrations, when mailboxes are being migrated, (or have just been migrated.) But you should only ever see it once.
Solution
I had recently retired the client’s old Exchange Server (Exchange 2007) So I assumed something must have been pointed at the old server, the client also reported that Recreating the Outlook profile also cured the problem. Which added weight to my theory.
I guessed (correctly as it happens) that the problem was the Public Folders on the old server. The client wasn’t using them, but I thought, the migrated users might still be trying to connect to them, I tried to cure the problem by forcing the clients NOT to look for Public Folders with the following registry key;
[box]HKEY_CURRENT_USER > Software > Microsoft > Exchange > Setup[/box]
Create 32 Bit DWORD: HasPublicFolders
Value: 0 (Zero)
Unfortunately that didn’t fix the problem, (in my case, however, some people reported it did solve theirs). I know from experience that public folders settings used to be defined, on the mailbox database, so I checked all the mailbox database attributes, and found the problem.
To view your Mailbox Database Attributes you need to look pretty deep into Active Directory, which means using ADSIEdit. When launched, connect to the ‘Configuration’ context.
Configuration > CN=Services > CN=Microsoft Exchange > CN=your organisation name > CN=Administrative Groups > CN=Exchange Administrative Group > CN=Databases > CN=your database name > Properties > Locate MSEXCHHomePublicMDB, and remove any value set.
At this point I rebooted the Exchange Server, and the affected clients, and the problem was resolved.
Related Articles, References, Credits, or External Links
There are times when a problem with your Outlook profile can manifest itself in many ‘annoying’ ways. Sometimes the simplest thing to do is to put your Outlook profile to one side, and create a fresh new one.
Solution
Ensure Outlook is closed, open Control Panel > Set the view to ‘Small icons’ > Mail > Show Profiles.
Add > Give the new profile a sensible name > OK.
Configure you mail account, (if using Exchange, it should auto-configure for you) > Finish
Change the settings to ‘Prompt for a profile to be used’ > Apply > OK.
Open Outlook and select the new profile.
Make sure everything loads up and syncs correctly > Close Outlook again.
Once you’re happy, go back to the ‘Mail’ Settings, and change it to always use the new profile. You can delete the old profile if you wish > Apply > OK.
Related Articles, References, Credits, or External Links
You used to see this error a lot if your internal, and external domain names were different, and the ‘public’ domain name was on the certificate, in those cases I’d also setup split DNS like so;
But you can simply create a DNS SRV record that your clients will use for Autodiscover.
Solution
Note: Before proceeding MAKE SURE you DON’T have an A record in your domain, for “autodiscover.{your-domain}”. or a CNAME record for autodiscover that points back to your Exchange. We want an SRV record ONLY.
Within your domain DNS, create a new ‘Other‘ record.
Choose service location (SRV) > Create Record.
Your domain name will be entered automatically, set the following;
Service: _autodiscover
Protocol: _tcp
Port number: 443
Host offering this service: {The FQDN of your CAS/Exchange server}.
You will need to expand the _tcp folder to see the record.
I Use Split DNS?
No problem, in your internal DNS, the forward lookup zone (that matches your public address space.) Create an SRV record as well, when you are finished, (if you have set it up properly), you will see a tcp sub folder appear below the forward lookup zone.
What About My Public DNS Settings?
Exactly the same! Remove any A or CNAME records, and create an SRV record, how you do this, varies from DNS host to DNS host. Some oddities I’ve found;
Some public DNS vendors wont let you set a priority of ‘0’ Zero, on an SRV record, just use 1 (unless you have multiple ones!)
Some public DNS vendors SRV records don’t work, unless you put a ‘full stop’ at the end of the domain name. (In fact all domain names have a full stop at the end of them, it’s just you can’t normally see them!)
As an example, here’s me creating an SRV record on my DNS hosting provider (Vidahost)
So when it’s created it will look like this;
I’ve got Multiple Public E-Mail Domain names running from the same Server?
Again not a problem, for each domain, delete the A and CNAME records for autodiscover. Then point your SRV record to the DNS name that is actually presented by the Exchange server (even if that’s with another DNS vendor).
Why Does This work?
Well I’m glad you asked! When outlook looks for Autodiscover the first thing it does is look for the Autodiscover SCP point in your Active Directory. You can see this in your ‘AD sites and services’, (you need to add in the Service node from the view options before you can see it).
If it can’t get a response from there, it takes your domain name and tries the following locations;
[box]
https://{domain-name}/autodiscover/autodiscover".fileExtension
AND
https://autodiscover.{domain-name}/autodiscover/autodiscover".fileExtension
[/box]
Note: The file extension is usually .xml but it can be .svc
If it STILL can’t get a response it tries the following;
Note: If you are wondering that the difference is, that’s on port 80 not port 443.
If it STILL can’t get an answer then to looks for the SRV record in DNS you created above.
How To Test the AutoDiscover SRV Record
It’s a DNS record so we can query it with nslookup to make sure its OK.
[box]
nslookup -q=srv _autodiscover._tcp.{domain-name}OR
nslookup
set q=srv (or you can use SET TYPE=SRV)
_autodiscover._tcp.{domain-name}
[/box]
Like this;
Or if you use macOS or Linux;
Why Do I have to remove my A and CNAME Records for Autodiscover
If they exist they will get used before the SRV record, you may think that’s fine but it may lead to all sorts of horrible Outlook Setups and errors about certificate names.
Moving a machine onto a Windows domain, is a simple task, I’ve done this for a lot of clients. The main complaint (post migration,) is that something is missing. This is because your-account-name on your PC or laptop, and your-account-name in the domain are TWO DIFFERENT ACCOUNTS, (even if they have the same name).
Microsoft have produced some tools help you, but I challenge you to start reading the USMT documentation for more than 15 minutes without losing the will to live.
Below is a list of things people have complained to me about losing post migration;
Desktop wallpaper.
Files & Folders from the desktop.
My Documents.
Internet Favorites.
My Pictures.
Outlook Signatures.
Outlook Mail Accounts.
Word Custom Dictionaries.
Work Autocomplete Settings.
MS Access Macro settings.
So I setup a test Windows 10 machine, with all of the above setup, and used two tools to migrate my local profile into my domain profile.
Solution
Test 1 ForensIT User Profile Wizard
Software is free (there are paid for versions) but I plumbed for the free one, you don’t have to install anything as it runs from an executable, (which is a bonus if you have a lot to do). Its VERY fast, and simple to use.
I’ve joined my target machine to the new domain and logged on once as the domain user and created a blank profile, then logged back on as the domain admin to carry out the following.
Launch the software > Next > Select the profile you want to copy from.
Select your domain name > Enter the logon name for the ‘DOMAIN USER’ you want to copy the profile to > Next > Next.
Verdict: Of the two, this ones quicker, more intuitive and free.
Test 2 USMT GUI 10
This is a graphical wrapper that sits on-top of the Microsoft USMT tools, I donated $10.00 for the cheapest version, and repeated the tests above.
First you have to take a backup of the local profile(s).
I’m just choosing one (Pete) > RUN > My profile was 177Mb and it took about 5 minutes.
Now resort the profile back to your domain profile, as you can see that’s a little more complicated, but not that difficult > RUN.
At this point it ran thought and gave me an error, even though it did migrate the profile successfully.
Verdict: Well it does the job, it’s probably a lot more versatile than the first tool, but nowhere near as intuitive, and it costs $10. I know that’s cheap, and the dev deserves to be paid for their hard work, but I prefer the free one.
Related Articles, References, Credits, or External Links
I did an Exchange 2010 to 2016 Migration for a school this week. They are going to reimage all their PCs to Windows 10 and install Office 2016 over the summer holidays. But a few staff members were working over the holidays and needed their Win7/Outlook 2010 clients pointing to the new Exchange server.
This I did (I simply created new mail profiles and let auto discover do its work). But then the Outlook clients prompted for a username and password every five minutes (even if ‘remember password’ was ticked).
Solution
Outlook constantly prompting for passwords all the time is a common problem, and one I really struggled with here. Make sure before you troubleshoot this error that you have done the following;
Updated your version of Outlook with the latest updates.
Make sure you have NOT cached old/incorrect passwords in Windows Credential Manager.
Make sure some ‘clown’ had NOT ticked ‘Always ask for Credentials’ (Account > More Settings >security tab). While you are in there if you are on Office 365 ensure ‘Anonymous Authentication’ IS selected.
Make sure you are NOT going though a proxy server! If you are, you need to make an exception for the Exchange traffic.
The names and urls that your Exchange server are setup and match the certificate on the Exchange server (and can be resolved in DNS) see this article.
Try changing the username Outlook is trying to authenticate with, from username@domain-name to DOMAIN\User-name (particularly if your email address and public/private domain name are NOT the same).
Given my Exchange background the answer was pretty much staring me in the face. Modern Exchange servers, use https for pretty much everything now, (IMAP and RPC are old school). The problem was the account settings to collect mail via https/Outlook anywhere needed changing. After a bit of trial and error and some internet searching the following cured the problem.
Note: The following ‘More Settings’ Options were removed in Outlook 2016. To get that to work, you need to have your autodiscover setup correctly! The easiest way to do this, is DELETE any A or CNAME records that point to autodiscover.doamin.com, and setup an SRV record (thats for Pubic DNS Space and Private DNS Space.
Go to the properties of your mail account > More settings.
Tick > Connect to Exchange using HTTP > Exchange Proxy Settings.
Enter the correct URL of your Exchange server > Tick connect using SSL only > Enter ‘msstd:{Exchange-URL} > UNTICK both the https options > Set the authentication to NTLM Authentication (or negotiate) > OK.
As a side note: I also set the MSSTD address on the Exchange server, with the following shell command;
Later on in the year I’ve got a big RSA and SharePoint deployment, as I know ‘Zippity Squat’ about SharePoint, I thought the best way to get some hands on experience, was to work out how to integrate SecureID with Exchange 2013, (which I know a few things about!)
Solution
I’m assuming you already have RSA Authentication Manager setup and users/tokens deployed. This run though is simply to get your RSA solution working with Exchange/OWA
1. Create a user in Active Directory, (here I’m using SVC_RSA_Access), and ensure that user has a mailbox, you can do this in the Exchange Admin Center, but I prefer to use the shell.
6. We need to have the .Net 3.5 Feature added. (Server Manager > Add Roles and Features).
7. Log onto the Security Console of your RSA Authentication Manager appliance > Access > Authentication Agents > Generate Configuration File > Follow the wizard > Download the file.
8. Place the file you downloaded (sdconf.inf) on the Exchange server in the C:Windowssystem32 folder.
9. Download and install the RSA Authentication Agent for Web for IIS, Install and accept all the defaults, it should locate the config file you have just downloaded.
10. On the Exchange server launch ‘RSA Web Agent’, and don’t be surprised when IIS Manager opens.
“I seem to get a lot of spam”, and “I get a lot more spam than I used to” are right up there with “My computer is running slow”. It’s a problem that, eats up users time and fills your mail stores with junk, and time/disk space costs money.
SEM is tiny! In a world where a graphics driver is now over 100MB the entire install suite is less than 11MB. This is going into my test network so testing its ability to limit spam is NOT the point of this exercise, I’m looking at the ease of installation, configuration, and administration.
SEM Pre-Requisites
1. Exchange 2000, 2003, 2007, 2010, or 2013.
2. Windows Server 2000, 2003, 2003 R2, 2008, 2008 R2, or 2012.
3. .Net framework version 2.0 (SP1).
4. MDAC (Microsoft Data Access Components) version 2.7.
5. Internet Information Services.
Solution
Before You Start
1. If you have already installed the Microsoft Anti Spam agents you might want to remove them, (not that you have to). If you don’t know you can run the following command;
[box]
Get-TransportAgent[/box]
If you just have the four below then you DO NOT have the extra agents installed.
2. If yours looks like the one below, then YOU DO have them installed.
3. As stated you don’t have to remove them but if you want to simply execute the following two commands;
[box]
cd "Program FilesMicrosoftExchange ServerV15Scripts"
./Uninstall-AmtispamAgents.ps1
[/box]
4. Answer each question, then run;
[box]
services.msc[/box]
5. Restart the Microsoft Exchange Transport service.
7. The installer is pretty straight forward > Next > Accept the EULA > Next > Enter your details > Next > Accept or change the install location > Next.
8. The product will install.
9. At this point it’s downloading definitions form the internet, and it will take a while.
10. When complete it needs to setup a user that the services will run under. Just supply a password > Next.
Note: This user (by default) is added to the local administrators group, and the Exchange Organization Management group.
11. Finish.
12. The management console installs on TCP port 5000, so if you need to access it through a firewall you will need to open that port.
13. Toolbars Tab: From here, I’ll jump straight to the configuration section, this drops you straight onto the Plugins tab. From here you can change the logo that will be displayed with the toolbar (this is NOT visible with Outlook 2013). You can also change the URL it points to and adding rights to users.
14. Toolbar Tab > Outlook Toolbar: On a client running Outlook > Download Outlook Toolbar > Run the installer.
Note: The installer is a .exe file, I would have preferred a .msi file, so I could deploy this out (on mass), to domain clients via GPO.
17. Now when you launch Outlook you can see the plugin loading.
18. You will now have an extra toolbar with the following options.
BE AWARE: You install the OWA toolbar ONCE on the Exchange CAS server.
19. Toolbars > Outlook Web Application: Install OWA toolbar.
20. Yes.
21. Now when your clients access OWA, you have the toolbar.
22. Latest news: Essentially this is just an RSS feed from the manufacturer to keep you abreast of software updates etc. If you have some RSS aggregation software you can add this same feed.
23. Mailbox Tab > Mailboxes: Here it will list all the mailboxes, by default the ‘Default policy’ will be applied and virus filtering will NOT be enabled (this is an add on license). you can also access statistics for this particular mailbox, and view quarantined emails. The User filter settings are for applying an exception for this one mailbox (I’ll cover this later). If you can’t locate a particular user there is also a search function.
24. Mailbox Tab > Usergroups: Usergroups are used to apply policies, any new group requires you to maintain membership manually. But if your Active Directory is well designed, you can select your SPAMfighter groups based on your OU structure.
SEM – SPAMfighter – Configuring and Working with Policies
This is pretty intuitive, and the default policy comes preconfigured and already applied, though with all filtering systems it will probably take you a little while to get it streamlined to your requirements. The policies section has four main tabs;
Filter Settings: What tools you are going to use to look for spam. Accept Actions: What it will do if it finds nothing. Block Actions: What it will do if it finds something. User Filter settings: Exceptions to the filters for one or more users. Mailboxes: Puts you straight back to the mailbox section you saw earlier.
25. Out of the box there are five filters enabled.
26. But there are four further filters that you can add to the policies.
SPAMfighter – Filters
27. VIRUSfighter Antivirus Filter for SPAMfighter Exchange Module: Remember this is an ‘Add on’ so it would only apply to mailboxes that have this enabled. It’s on its most conservative setting, and will replace the infected email with safe content.
28. SPAMfighter Sender Filter > Whitelist:Simply add either a particular email address you want to allow or add in an entire domain.
29. If your lists get a little unwieldy you can import or export them, and chose weather to overwrite them or append the imported list to your existing list.
30. And where there is a Whitelist there is a Blacklist, it’s configured exactly the same.
31. Automatic Whitelist: This is a brilliant feature! It dynamically adds the addresses our users send to to the Whitelist, and maintains the cache for 10 days (which you can alter). I’m surprised this is disabled by default.
Note: This will be enabled by default in the next release.
32. SPAMfighter Content Filter > Whitelist phrases: Gives you the power to automatically Whitelist emails based on a phrase they contain i.e. Your corporate email disclaimer or default signature.
33. SPAMfighter Content Filter > Blacklist phrases: As the warning says be careful with this section, this is the sort of thing that is handy for blocking “We attempted to deliver your parcel but were unable to” emails that urge you to click an attached zip file full of infected spyware nastiness.
34. SPAMfighter Content Filter > Whitelist Attachments: Here you can upload an attachments (like your company logo from your email signatures) and the system will whitelist and allow through emails containing them.
35. SPAMfighter Content Filter > Blacklist Attachments: Thankfully this is disabled by default, the list of file extensions is quite long, and contains some commonly used file extensions, You will need to do some planning and testing with this one if you want to enable it.
36. SPAMfighter Community Filter: This will filter mail based on mails that have already been blocked by other SPAMfighter users, it uses a scoring/weighting system. You simply set a threshold the higher you set it the more mail will be stopped, this will require some fine tuning.
37. SPAMfighter Language Filter:This is enabled by default, but no languages are selected (which is sensible). If you are never expecting any emails in Chinese you can block them here.
SPAMfighter Filters that you can Manually Add to the Policy.
38. SPAMfighter IP-address Filter: Pretty much does what it says on the tin! Though blocking spammers by IP address is a little hard to manage, and it’s pretty easy to spoof an IP address anyway, which is probably when this is not on the default policy.
39. SPAMfighter Sender Policy Framework Filter: Personally I think you would be crazy to turn this on! If you don’t know what an SPF record is then read the following article.
40. SPAMfighter DNSBL Filter: A DNSBL is a dynamic DNS list of known spammers, if you are familiar with RBL block lists this is similar.
41. SPAMfighter Combined Spam Score Filter: All the other filters check the mail and give it a score, if the score is higher than a certain threshold this this filter will aggregate all those scores and block the mail.
SPAMfighter – Policies > Accept Actions
42. If the mail makes it through all the filters, then this section decides what happens with it.
43. And that is adding information to the mail header that says the mail was scanned and accepted.
SPAMfighter – Policies > Block Actions
44. If the mail gets blocked by any of the filters, this section decides how that is handled.
Note: You can add other actions from the drop-down list below if this does not do what you require.
45. Just as for the accept policy action, this modifies the email header, though this one says the mail was blocked.
46. SPAMfighter Move To Folder Policy Action > Mailboxes : The second default policy action takes that filtered email and places it within a folder called SPAMfighter within the users mailbox.
Note: You can redirect that mail to another mailbox if that is your preference.
47. The system for Public Folders (if you use them) is identical.
48. Contacts: As is says contacts do not have a mailbox, but you can redirect filters contact mail to a specific mailbox should you wish.
49. User Filter Settings: This section can create an exception for one particular user, it simply creates another policy that you can apply to that user.
50. You can create new policies and apply then to particular users or usergroups, and make the system as granular as you like.
51. Statistics: On my test network I didn’t have any throughput on which to pull some meaningful statistics.
52. Statistics > Notifications: You can have daily/weekly/monthly reports emailed to you.
53. If you decide to purchase, the licenses are priced per mailbox. Prices start at £14.50 each (or £29.00 with the Antivirus) And go down to £2.45 (or £4.90 with Antivirus) depending on the amount you buy. They are available for 1, 2, and 3 year periods. For an up to date price list go here.
Related Articles, References, Credits, or External Links