TechEd 2013

Kevin and myself smiling like a butcher’s dogs! Thanks Ed!

It’s been a while since my trip to TechEd, but I found a photo on Ed Wilson’s blog that I wanted to share.  My good friend and colleague, Kevin McFerrin, and I received free autographed copies of Ed’s book, “Windows PowerShell 3.0”.  We were the first 2 folks in line & Ed snapped this quick photo.  Thanks Ed!

Although the book (and picture) was a highlight, the best part was that we also attended the very first public preview of PowerShell 4.0 in which we were introduced to Desired State Configuration.  What an experience!

Check out Ed’s PowerShell blog and Kevin’s IT blog.

Exchange 2010 Service Pack 3 Announced

Yesterday the Exchange Team announced on You Had Me At Ehlo that Exchange 2010 Service Pack 3 will be released in the first half of 2013.  It looks like the focus of the Service Pack is coexistence with Exchange 2013 and support for installation on Windows Server 2012.  Cool!

The full article can be found on their blog post.

Disable Outlook MAPI (RPC) Fallback

Microsoft Outlook 2010 will fall back to an RPC (MAPI) connection if Outlook Anywhere (RPC/HTTPS) is unable to connect.  In certain situations, like troubleshooting, it’s valuable to disable this behavior.  This can be accomplished by setting the DisableRpcTcpFallback registry value, located under HKCU\Software\Microsoft\Office\14.0\Outlook\RPC, to “1”.

To turn the fallback back on, just set the value to 0 or delete the DisableRpcTcpFallback entry.

Cheers!

Exchange Cross-Forest Resource Booking

Symptom

In a co-existence scenario where resource mailboxes are in one forest and user mailboxes are in another, the user attempting to book a resource (using GALSynced Contact & hidden namespace SMTP) does not get a confirmation that the resource was booked.

When looking at the resource mailbox, we see that the booking request is received and marked tentative on the calendar. The message is then moved to Deleted Items, and no reply is sent.

We enabled processing of external meeting messages by setting the “ProcessExternalMeetingMessages” property on the resource mailbox to $true. This allowed the meeting request to be accepted and booked, but still no reply message is sent to the requesting user.

Cause

It has to do with Exchange trusting (or authenticating) the source of the meeting request.

Resolution

Create or configure a Receive Connector to allow the external resource booking, as detailed below:

Make your new scoped connector an Externally Secured connector

This option is the most common option, and preferred in most situations where the application that is submitting will be submitting email to your internal users as well as relaying to the outside world.

Before you can perform this step, you must enable the Exchange Servers permission group. In the connector's properties, go to the Permission Groups tab and select Exchange servers.


Next, continue to the authentication mechanisms page and add the “Externally secured” mechanism. This tells Exchange that your organization completely trusts the previously designated IP addresses.


Caveat: If you do not perform these two steps in order, the GUI blocks you from continuing.

Do not use this setting lightly. You will be granting several rights including the ability to send on behalf of users in your organization, the ability to ResolveP2 (that is, make it so that the messages appear to be sent from within the organization rather than anonymously), bypass anti-spam, and bypass size limits. The default “Externally Secured” permissions are as follows:

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

Basically you are telling Exchange to ignore internal security checks because you trust these servers. The nice thing about this option is that it is simple and grants the common rights that most people probably want.

PowerShell Script Add-EmailSuffix.ps1: Bulk Add Email Address Suffix in Exchange 2010

I recently had a need to add email addresses to accounts in bulk.  I didn’t want to use Email Address Policies (for some non-related reason) so I decided to put together a handy PoSH script to add the addresses.

The script has a few cool features:

  • Verifies the email address suffix is valid (including non-publicly routable addresses, i.e. domain.local).
  • Accepts input from the pipeline so you can filter the results of Get-Mailbox to quickly add the addresses.
  • Validates that the email address has been added.
  • Output to screen.
  • Included help section.

Below is the source, or you can download Add-EmailSuffix.ps1.


<#  
.SYNOPSIS  
   	Adds email address suffix to mailbox based on Alias.
.DESCRIPTION  
    This script is intended to enable bulk addition of email addresses.
.NOTES  
    Version 			: 1.0 - 06/28/2012 - initial release
	Rights Required		: Recipient Admin in Exchange Org
    Exchange Version	: 2010
    Author       		: Robert Durkin
    Author Email		: rdurkin@iccohio.com
	Author Blog			: http://ehloworld.net
    Disclaimer   		: You running this script means you won't blame me if this breaks your stuff.

.LINK  

http://ehloworld.net/?p=250

.PARAMETER Mailboxes
    The Identity parameter specifies the mailbox.
    This parameter accepts the following values:
    * Example: JPhilips
    * Example: Atlanta.Corp.Contoso.Com/Users/JPhilips
    * Example: Jeff Philips
    * Example: CN=JPhilips,CN=Users,DC=Atlanta,DC=Corp,DC=contoso,DC=com
    * Example: Atlanta\JPhilips
    * Example: fb456636-fe7d-4d58-9d15-5af57d0354c2
    * Example: fb456636-fe7d-4d58-9d15-5af57d0354c2@contoso.com
    * Example: /o=Contoso/ou=AdministrativeGroup/cn=Recipients/cn=JPhilips
    * Example: Jeff.Philips@contoso.com
    * Example: JPhilips@contoso.com

.PARAMETER EmailSuffix
	Valid email address suffix in the format of '@domain.suffix'

.EXAMPLE
	Get-Mailbox | .\Add-EmailSuffix.ps1 -EmailSuffix "@domain.com"
	This would add the email address suffix @domain.com to all mailboxes.

.EXAMPLE
	.\Add-EmailSuffix.ps1 -Mailboxes "bob.durkin@domain.com" -EmailSuffix "@domain.com"
	Add the email address suffix @domain.com to the mailbox with bob.durkin@domain.com.

.INPUTS
	Accepts pipeline input for the Mailboxes parameter.
.OUTPUTS
	To Screen
#>

#Requires -Version 2.0

##############
# Parameters #
##############

param([parameter(Mandatory=$True, ValueFromPipeline=$true, Position=0)][Object[]]$Mailboxes,
	  [parameter(Mandatory=$True, ValueFromPipeline=$false)][String]$EmailSuffix)

########
# Main #
########

begin {
	# Regex to test the email address suffix. Anchored so the whole value must match.
	# Does not check for internet routable compliance, by design.
	$EmailAddressRegex = '^@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$'

	# Test for valid email address suffix format once, before any mailbox is touched.
	If (!($EmailSuffix -match $EmailAddressRegex)) {
		Throw "Invalid Email Address Suffix. Please specify a valid address suffix (i.e. @domain.com)."
	}
}

process {

	Foreach ($Mbx in $Mailboxes) {
		# Resolve identities passed as strings (second example in the help) to mailbox objects.
		If ($Mbx -is [string]) { $Mbx = Get-Mailbox -Identity $Mbx }
		[string]$NewAddress = $Mbx.Alias+$EmailSuffix
		Write-Host "Adding $NewAddress to $($Mbx.Alias)"
		Set-Mailbox $Mbx -EmailAddresses @{Add=$NewAddress}
		# Confirm that the exact new address is now present on the mailbox.
		If ((Get-Mailbox $Mbx).EmailAddresses | ?{$_.SmtpAddress -eq $NewAddress}) {
			Write-Host "Verified that $NewAddress is a valid email address on $($Mbx.Alias)" -ForegroundColor Green
		} Else {
			Write-Host "Failed to add $NewAddress to $($Mbx.Alias)" -ForegroundColor Red
		}
	}
}

Enabling the MRSProxy Service on Exchange 2010 RTM & SP1 (pre-SP2)

The MRSProxy is a component of Microsoft Exchange 2010 that facilitates cross-forest mailbox moves.

Microsoft improved the management of the Exchange 2010 MRSProxy with SP2.  There are new cmdlets available to allow for easier management of the MRSProxy component, however, Microsoft did not maintain the TechNet documentation that describes how to do this on systems that do not have SP2 installed.  The TechNet article, Start the MRSProxy Service on a Remote Client Access Server, has been updated to only show the SP2 approach.

As a reference, here is how you enable the MRSProxy on Exchange servers prior to SP2.

To enable the MRSProxy service, you need to edit the EWS “web.config” file that is located (Default Install Dir) in “C:\Program Files\Exchange Server\V14\Client Access\exchweb\ews”.  The parameter to edit is “IsEnabled”, which is located in the section that starts with “<!-- Mailbox Replication Proxy Server configuration -->”.

Update the web.config line that reads IsEnabled="false" to IsEnabled="true".

I’m not sure if it is required, but I usually restart the Microsoft Exchange Mailbox Replication service after this change is complete.  Keep in mind this service is responsible for transaction log shipping, so you may want to shuffle around your active database copies if you are using a DAG or perform this change during a maintenance window.

Restart-Service MSExchangeMailboxReplication

For more information about cross-forest mailbox moves check out the TechNet article titled, Understanding Move Requests.

Preparing to Rebuild an Entire Exchange 2010 Organization

With the release of Exchange 2010 there has been some great advancement with high availability and site resiliency.  The traditional methods of disaster recovery are fading away.  Modern day high availability capabilities are introducing backup-less strategies.  Does that mean we don’t need to know how to get our messaging systems up and running in the event of a large scale major disaster….I think not?!

This thought process all got started when I was working on a recent effort to bring up a lab environment.  We didn’t have a lab in any way, but some systems were hosted on VMware’s hypervisor.  This included a couple Domain Controllers, but not any Exchange servers (mix of E2K7 & E2K10).  Creating a lab that mirrored production from scratch would be quite the undertaking, I mean, we were talking about some 14+ Exchange servers….not fun.  Well, to me, that scenario felt a lot like a disaster recovery situation and it got my wheels turning.  The use of Exchange’s recovery feature (setup.exe /m:RecoverServer) would allow me to leverage the directory (AD) that could be quickly cloned (thank you virtualization) to the lab.  After all, most Exchange configuration information is stored in Active Directory.  After building a few virtual machines for Exchange, I should be up and running.  I should mention that in this case, I don’t really care about the data, so the only material I really need is a Domain Controller and the Exchange installation media.

Field Notes: Exchange 2010 Coexistence and URL Redirection Mayhem

During a recent deployment of Exchange 2010 I ran into a rather challenging issue. This deployment involved maintaining a solid coexistence with a legacy Exchange 2003 deployment. After updating DNS records to route traffic to the Exchange 2010 CAS server(s) and configuring URL redirection using the method described in the MS TechNet article Simplifying the Outlook Web App URL (modified date: 2010-04-19), connections to the <CASArrayURL>\Exchange were receiving an IIS error (see Symptoms).

The project required that we maintain this URL functionality because users were both familiar with this URL and many had shortcuts that referenced this location.

Checking Exchange 2010 for Open Relay Configuration

There is plenty of information on the web that instructs us how to configure Exchange 2010 (or 2007) to allow for relay of SMTP to external recipients (Open Relay). For example, Microsoft has posted these instructions.

However, I couldn’t easily find any information about how to check if this was already configured. This could be handy in verifying that a recent configuration was successful or with troubleshooting an open relay issue. The following PowerShell command checks all Receive Connectors on all Exchange servers (2007 & 2010) and returns any Receive Connectors that have been granted the ability to relay to external recipients.

Get-ReceiveConnector | get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" | Where {$_.ExtendedRights -like "Ms-Exch-SMTP-Accept-Any-Recipient"}
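
The following is an added example, not code from the original post. It extends the one-liner above: besides the explicit anonymous grant, it also reports connectors that use the Externally Secured mechanism described in the cross-forest resource booking post, because those hold Ms-Exch-SMTP-Accept-Any-Recipient through the "MS Exchange\Externally Secured Servers" principal and are not returned by a query for ANONYMOUS LOGON. The variable names and the two "any address" range strings are assumptions of this example.

```powershell
# Added example: run in the Exchange Management Shell (2007/2010).
# Reports every Receive Connector that can relay to external recipients and
# flags those whose remote IP ranges are not restricted.

# Assumption: string forms of the "any IPv4" and "any IPv6" ranges as shown by Get-ReceiveConnector.
$AnyRange = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

Get-ReceiveConnector | ForEach-Object {
    $Connector = $_
    $Reasons = @()

    # Path 1: anonymous senders explicitly allowed to relay (the check shown above),
    # ignoring Deny entries.
    $Grant = $Connector | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Ms-Exch-SMTP-Accept-Any-Recipient') }
    if ($Grant) { $Reasons += 'Anonymous relay grant' }

    # Path 2: Externally Secured connectors receive the same right implicitly.
    if ("$($Connector.AuthMechanism)" -match 'ExternalAuthoritative') {
        $Reasons += 'Externally Secured'
    }

    if ($Reasons.Count -gt 0) {
        $Ranges = @($Connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        New-Object PSObject -Property @{
            Connector    = $Connector.Identity
            Reason       = $Reasons -join ', '
            RemoteRanges = $Ranges -join '; '
            # True when the connector accepts connections from any address.
            Unrestricted = [bool]($Ranges | Where-Object { $AnyRange -contains $_ })
        }
    }
} | Format-Table Connector, Reason, Unrestricted, RemoteRanges -AutoSize -Wrap
```

A row with Unrestricted set to True is the one to review first: the connector relays for any host that can reach it.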

Send-SMTP PowerShell Script

I’ve been creating scripts to automate administrative tasks for myself and clients. PowerShell scripts are a very nice way of accomplishing the needed automation when working with Exchange 2010.

One such task often involves gathering information for monitoring purposes. To facilitate the sharing of information it is always helpful to be able to send email.

I have been using this script for a while now that allows for just that. The code is below or you can download the .ps1 file: Send-SMTP.ps1. Enjoy!

<#  
.SYNOPSIS  
    Sends Email Message
.DESCRIPTION  
    Allows the generation and submission of a SMTP message to an MTA (email server).
    
.NOTES  
    Version      : 1.0 - 04/26/2010 - initial version
    Rights Req'd : Local Server Admin
    Sch Task Req : No
    Author       : Robert Durkin
    Email        : rdurkin (at) ehloworld.net
    Blog         : http://ehloworld.net
    Disclaimer   : Don't blame me if this breaks your stuff.  Please don't Spam!
    References   : 
.LINK  
	Online Version: http://ehloworld.net/?p=60
.EXAMPLE
	.\Send-SMTP.ps1 -From "sender@domain.net" -To "recipient@domain.net" -Subject "Blog Post" -Body "Ehlo World!" -Server mailer.domain.com
.INPUTS

#>

#Requires -Version 2.0

PARAM(
	[Parameter(Mandatory = $True,valueFromPipeline=$True)][string] $From,
	[Parameter(Mandatory = $True,valueFromPipeline=$True)][string] $To,
	[Parameter(Mandatory = $True,valueFromPipeline=$True)][string] $Subject,
	[Parameter(Mandatory = $True,valueFromPipeline=$True)][string] $Body,
	[Parameter(Mandatory = $True,valueFromPipeline=$True)][string] $Server,
	[Parameter(Mandatory = $false,valueFromPipeline=$True)] $File
) #end param

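#Create Mailer Object and assign values
$MTA = New-Object Net.Mail.SMTPclient($Server)
$Msg = New-Object Net.Mail.MailMessage

Try {
	$Msg.From = $From
	$Msg.To.Add($To)
	$Msg.Subject = $Subject
	$Msg.Body = $Body

	#Attach File, if applicable
	IF ($File -ne $Null)
	{
		#Resolve to a full path first; .NET does not use the PowerShell working location
		$Path = (Resolve-Path $File).ProviderPath
		$Attachment = New-Object Net.Mail.Attachment($Path)
		$Msg.Attachments.Add($Attachment)
	}

	$MTA.Send($Msg)
}
Finally {
	#Release the message and the handle on any attached file
	$Msg.Dispose()
}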