Subject Exchange: Weekend reading

• OWA bug compromises item preservation for litigation and in-place holds


• Exchange 2013 Cumulative Update 6 begins to address public folder scalability


• Why does my old password work via Activesync?


• Introducing the Office 365 FastTrack Pilot Option


• Track deleted email items after a central mailbox move


• Join us for Tuesday’s webinar: Archiving items in Outlook


• Released: Update Rollup 14 for Exchange Server 2007 Service Pack 3


• Released: Update Rollup 7 for Exchange Server 2010 Service Pack 3


• Released: Cumulative Update 6 for Exchange Server 2013


• Public Folder Updates in Exchange 2013 CU6: Improving Scale and More


• Managing RBAC Roles with RBAC_Manager, with Five easy steps.


• Planning and Migrating a Small Organization from Exchange 2003 to Exchange 2013 (Part 11)


• Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 13)


• Finding back exceptions of a recurring meeting or appointment


• Show total unread item count of collapsed folders


• Use Outlook’s Contacts, not Contact Cards


• Sync Google Calendar with Outlook


• Outlook 2013 Favorites: Folder Order Frequently Changes


• Ignore conversations in Outlook

from Exchange News Full Article

EighTwOne: Exchange 2007 SP3 Rollup 14

Today the Exchange Team released Rollup 14 for Exchange Server 2007 Service Pack 3 (KB2936861). This update raises Exchange 2007 version number to 8.3.379.2.

This Rollup introduces daylight saving times (DST) changes.

Notes:

• When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command;


• If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;


• Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2007 SP3 Rollup 14 here.

Filed under: Exchange 2007 Tagged: Exchange2007, Rollup, SP3



from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 13)

In this article we will populate the lab environment with test users and then mailbox enable the test users. Moreover, we will create pubic folders. Lastly, we will talk about how you can fill the mailboxes and public folders with test data.



from Exchange News Full Article

EighTwOne: Exchange 2010 SP3 Rollup 7

Today the Exchange Team released Rollup 7 for Exchange Server 2010 Service Pack 3 (KB2961522). This update raises Exchange 2010 version number to 14.3.210.2.

This Rollup includes the following fixes:

• 2983261 “HTTP 400 – Bad Request” error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment


• 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment


• 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3


• 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application


• 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment


• 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment


• 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox


• 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010


• 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010


• 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Notes:

• If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.


• If you got a DAG and want to properly update the DAG members, check the instructions here.


• Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2010 SP3 Rollup 7 here.

Filed under: Exchange 2010 Tagged: Exchange 2010, Rollup, SP3



from Exchange News Full Article

EighTwOne: Exchange 2007 SP3 Rollup 14

Today the Exchange Team released Rollup 14 for Exchange Server 2007 Service Pack 3 (KB2936861). This update raises Exchange 2007 version number to 8.3.379.2.

This Rollup introduces daylight saving times (DST) changes.

Notes:

• When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command;


• If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;


• Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2007 SP3 Rollup 14 here.

Filed under: Exchange 2007 Tagged: Exchange2007, Rollup, SP3



from Exchange News Full Article

Exchange Team Blog: Released: Update Rollup 7 for Exchange Server 2010 Service Pack 3

The Exchange team is announcing today the availability of Update Rollup 7 for Exchange Server 2010 Service Pack 3. Update Rollup 7 is the latest rollup of customer fixes available for Exchange Server 2010 Service Pack 3. The release contains fixes for customer reported issues and previously released security bulletins. Update Rollup 7 is not considered a security release as it contains no new previously unreleased security bulletins. A complete list of issues resolved in Exchange Server 2010 Service Pack 3 Update Rollup 7 may be found in KB2961522. Customers running any Service Pack 3 Update Rollup for Exchange Server 2010 can move to Update Rollup 7 directly.

The release is now available on the Microsoft Download Center. Update Rollup7 will be available on Microsoft Update in September.

Note: The KB article may not be fully available at the time this post was published.

The Exchange Team

from Exchange News Full Article

Exchange Team Blog: Released: Update Rollup 14 for Exchange Server 2007 Service Pack 3

The Exchange team is announcing today the availability of Update Rollup 14 for Exchange Server 2007 Service Pack 3. This latest rollup supports recent DST updates. The rollup contains all previously released security bulletins and fixes and updates for Exchange Server 2007 Service Pack 3 as well. This is not a security release, but customers are encouraged to deploy these updates to their environment once proper validation has been completed. More information on this rollup is available in KB2936861.

Note: The KB article may not be fully available at the time this post was published.

The Exchange Team

from Exchange News Full Article

MSExchange.org: Planning and Migrating a Small Organization from Exchange 2003 to Exchange 2013 (Part 11)

In the previous part of this series we installed our Exchange 2010 staging server and generated the SSL certificate that we will use for both Exchange 2010 and Exchange 2013. In this part of the series we’ll begin configuration of the staging server ready to move mailboxes on to.



from Exchange News Full Article

msexchange.org: Forrester explains how to survive and thrive in a hybrid world

Download this report from Forrester:



from Exchange News Full Article

msexchange.org: Getting the Most out of Your Office 365 Trial

Don't miss this live virtual session that will occur on Aug-26.



from Exchange News Full Article

msexchange.org: AAD Connect Beta

Connecting AD and Azure AD: Only 4 clicks with Azure AD Connect.



from Exchange News Full Article

msexchange.org: Update for Microsoft Outlook 2013 (KB2889859)

Microsoft has released an update for Microsoft Outlook 2013. This update provides the latest fixes to Microsoft Outlook 2013. Additionally, this update contains stability and performance improvements.



from Exchange News Full Article

msexchange.org: Useful Management Packs updated - August 2014

Check out these updated management packs for System Center Operations Manager.



from Exchange News Full Article

Exchange Team Blog: Released: PelNet v2.0

• download

EHLO Exchange community,

It seems that PelNet has been well received and I’ve been receiving requests to add much wanted functionality to PelNet. So this article is a quick update on some of the cool new features that administrators can use to help troubleshoot and validate mail flow.

The new features added in this release:

1. Ability to test against multiple recipients – this is useful if you want to test to multiple external domains without having to run the tool again.


2. Optimized remote execution against transport servers for better performance across a large amount of servers.


3. The ability to validate if TLS negotiation is working. This is one of the most useful feature additions.

The above features gave birth to two new parameters validateTLS and CertThumbPrintOverride.

Let’s recap the parameters with the new ones introduced.

• AddressSpace: Which AddressSpace should the script look for in the Send Connectors?


• sendConnector: Specify if you want the scope to be a single Send Connector.


• SourceTransportServers: Accepts comma separated list of transport servers to test from.


• smartHost: The smarthost you want to test against. Accepts comma separated list value. (when validating TLS be sure to use FQDN of remote host – certificate validation will fail if IP is used)


• mailSubmissionTest: Use this switch if you want the script to submit the mail to the mailbox. If you omit the parameter the script will skip the DATA portion of the SMTP verb.


• From: From address (postmaster@contoso.com)


• Rcpt: Recipient Addresses –accepts comma separated list of addresses (testmailbox@fabrikam.com,testmailbox@wingtiptoys.com)


• LogFolderPath: Log file and report location, default will be current path if not specified.


• Port: Default is 25, but you can specify a custom port if you need to.


• validateTLS: This switch will enable TLS validation – this changes the SMTP verb array being used to include the STARTTLS verb (and some other more complicated stuff).


• CertThumbPrintOverride: This allows the operator to override the logic used to determine the SMTP certificate assigned to the transport servers.
  

  This can also be used to test TLS to a specific host before assigning the certificate to the SMTP service in Exchange, i.e. pre-validations prior to production change. The certificate needs to be in the local machine certificate store.

  
  

  It’s important to note that the code logic uses best effort to determine the SMTP certificate assigned. Using the CertThumbPrintOverride parameter allows you to override this easily.

  
  

Script Execution Examples

Show the full help with examples

Get-help .\pelnet.ps1 -full

To test mail flow and validate TLS to a smarthost against all the transport servers on port 25 to multiple recipients. (Will not submit the message for delivery)

.\PelNet.ps1 -From postmaster@adatum.com -Rcpt user1@contoso.com,user2@fabrikam.com,user3@wingtiptoys.com -smarthost webmail.contoso.com -validateTLS

To test mail flow and validate TLS to a smarthost against all the transport servers on port 25 to multiple recipients. (Submits the message for delivery and override the certificate to use)

.\PelNet.ps1 -From postmaster@adatum.com -Rcpt user1@contoso.com,user2@fabrikam.com,user3@wingtiptoys.com -smarthost webmail.contoso.com –validateTLS –mailsubmissiontest –certThumbprintOverride 1A13124HJG1234K12JHG312J123D

To test mail flow and validate TLS to EOP from your hybrid servers on port 25 to multiple recipients (also submit the mail to EOP).

.\PelNet.ps1 -From postmaster@adatum.com -Rcpt user1@contoso.com,user2@fabrikam.com,user3@wingtiptoys.com -smarthost adatum-mail-onmicrosoft-com.mail.protection.outlook.com –validateTLS –sourceTransportServers E15HYBRID01,E15HYBRID02 -mailsubmissiontest

The TLS validation logic will authenticate against the remote server with the certificate assigned to SMTP or the certificate that matches the thumbprint used in the override parameter. If the remote host is configured with Opportunistic TLS and the handshake fails the session will fall back to unencrypted SMTP.

The console output won’t show the verb’s being sent as the code is invoking on multiple servers concurrently, but the final output table and output file will be exactly as previously described in PelNet 1.0.

From the below output:

STARTTLS verb being sent with server responding with 2.0.0 SMTP Server Ready and subsequent SSL Stream is established by authenticating against target host using certificate that matches thumbprint provided (or dynamically found using best effort).

Verbs being sent over SSL stream and successful recipient lookup.

The following is an example of a certificate validation issue on one server:

Some of the most common certificate validation errors are:

• Certificate revocation list not found.


• The remote hostname does not match the name on the certificate.


• Certificate is expired.


• The root certificate is not installed on the sending server, i.e. the server does not trust the remote certificate it received.

The above validation error was quickly fixed by installing the root certificate from the Contoso environment on the EX14-02 server.

Until next time,

Michael Hall

Service Engineer

Office 365

from Exchange News Full Article

MSExchange.org: Managing mailbox features with corporate profiles (Part 2)

In this article of this series the author works on built-in policies, a central file to keep all corporate polies and a script to check the values of any given user.



from Exchange News Full Article

msexchange.org: Which email application is right for you: Outlook or Gmail?

In case you are in doubt 😊



from Exchange News Full Article

Exchange Team Blog: Handling email viruses with Exchange Online

When customers receive an email with a suspected virus, they often ask “What do I do now?”

This blog post helps answer that question and guides you through our recommended process. This is intended for customers using Office 365 or Exchange Online Protection with on-premises Exchange servers.

First, it is important to understand the difference between an infected and uninfected email. Any email that has an attachment containing a script or malicious executable is considered ‘a virus’ for our purposes. This does not include subscription-based messages with links to malicious sites. Those messages would be considered spam and not viruses, and a different approach is used for spam messages (see this and this).

To deal with an email virus, here are some quick actions that you can perform:

1. Start at the filtering layer. We recommend using EOP, as it is the default option for Office 365 users. However, if you are using a third-party filtering mechanism, you will need to contact your vendor to investigate further. If the email virus has gone through Exchange Online Protection (EOP), or if header information is missing, then proceed to the next step.

2. Create a Transport Rule to block the message. Note that Office 365 Small Business and Small Business Premium customers will not have this feature access as mentioned here. See here also for information about transport and inbox rules limits. If you are an EOP customer, you can perform these steps as mentioned in Microsoft Knowledge Base article 2959596:

• Navigate to Mail Flow in the Exchange Admin Center.


• Click + to create a new rule.


• Click More Options.

Under Apply this rule if, choose any attachment has executable content. At this point you can also choose an action under Do the following. We recommended choosing Block the message…

Make sure no other Transport rules exist that would override this rule. See Manage Transport Rules for more information.

3. Submit the email virus sample immediately to Microsoft Malware Protection Center (MMPC) for further analysis. In order to receive analysis updates, please sign into the MMPC Web site, or enter a valid email address. We recommend you to use your Microsoft account email address.

4. Once you have logged in, select O365 and Exchange Online Protection. Follow the instructions outlined on the MMPC to understand if you need to compress the email virus sample before uploading it to the site. Once you have completed the procedure, make note of the final MMPC ID that will be sent to you from the MMPC Submission Support Team.

If you are dealing with an email virus that has a sender of administrator@domain.com or fax@domain.com with domain.com being same as your Office 365 domain, we also recommend blocking the sending server’s IP address and enabling the SPF hard fail in addition to the steps mentioned above. Also, see Best Practices for Configuring EOP.

If you continue receiving infected messages or attachments, then you should copy the message headers from the email virus, and contact Microsoft Customer Service and Support for further assistance. Be sure to have your MMPC ID handy, as well.

Irol Pinto

Technical Advisor, Microsoft Corporation

from Exchange News Full Article

MSExchange.org: E-mail Forensics in a Corporate Exchange Environment (Part 1)

While most e-mail investigations make use of 3rd-party tools to analyses Outlook data, this article series will explore a few basic methods on how a forensics investigator can gather and analyze data related to an e-mail investigation in an Exchange 2010, 2013 and/or Online environments using information provided by Exchange features or using MFCMapi.



from Exchange News Full Article

msexchange.org: Spam email and Office 365 environment - connection and content filtering in EOP

In the last related blog post we gave some introduction about Exchange Online Protection (EOP), what needs to be done when EOP is not working as desired and spam email troubleshooting process and classification. In this blog we will be moving further and discussing some more advanced option to stop spam emails.



from Exchange News Full Article

msexchange.org: Migrating to a Hybrid Server Environment with Microsoft Azure

Business Case Study



from Exchange News Full Article

MSExchange.org: Exchange 2013 Sizing Cheat Sheet (Part 2)

How to size the different Exchange Server 2013 roles and validate the final design.



from Exchange News Full Article

msexchange.org: AAD Sync Beta 3 Available

The Azure Active Directory Synchronization services team is happy to announce that the AAD Sync Beta 3 is now available for download through the Identity and Access Management program on Microsoft Connect. In this release we made a lot of investments in our Hybrid Exchange and Multi-forest configurations and added the experience for multi-forest password write-back.



from Exchange News Full Article

MSExchange.org: Managing mailbox features with corporate profiles (Part 1)

In this new article series, the author goes over the process of creating corporate profiles, which will be then used to manage a larger number of mailboxes from a central location.



from Exchange News Full Article

msexchange.org: Top 10 reasons to trust Microsoft in the cloud

This document summarizes the top ten reasons that enterprise organizations trust Microsoft cloud services because of our commitment to security, privacy, and compliance.



from Exchange News Full Article

msexchange.org: Successful Meetings with Lync 2013 v3.0

The Successful Meetings with Lync 2013 document has been updated to version 3.0.



from Exchange News Full Article

msexchange.org: Rights Management Services downloads

Check out these new 2 downloads for Rights Management Services.



from Exchange News Full Article

msexchange.org: Microsoft Exchange and Microsoft Outlook Standards Documentation - July 2014

The Microsoft Exchange and Microsoft Outlook standards documentation describes how Exchange and Outlook support industry messaging standards and Requests for Comments (RFCs) documents about iCalendar, Internet Message Access Protocol – Version 4 (IMAP4), and Post Office Protocol – Version 3 (POP3).



from Exchange News Full Article

msexchange.org: Microsoft Exchange Server Protocol Documentation - July 2014

The Microsoft Exchange protocol documentation provides detailed technical specifications for the Microsoft protocols that are implemented and used by Microsoft Exchange to interoperate or communicate with other products. It also provides technical specifications for extensions to industry-standard and other published protocols that are used by Microsoft Exchange.



from Exchange News Full Article

msexchange.org: Managed Availability Probes

from Exchange News Full Article

msexchange.org: Lowering the Cost and Complexity of Medical Image Archiving through the Cloud

from Exchange News Full Article

msexchange.org: Register for Tuesday’s webinar on Using Outlook Web App

from Exchange News Full Article

msexchange.org: Office 365 Portal has been upgraded

One of the most noticeable changes is that we now have an expandable navigation pane. Nice addition if you ask me...



from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 12)

In this part of our article series we will focus on the Mailbox role side of things.



from Exchange News Full Article

msexchange.org: Exchange 2013: Recipient Filtering Agent (More Lessons in Proxy)

from Exchange News Full Article

msexchange.org: Cloud Ecosystem Poster: Microsoft Azure, Windows Server 2012 R2, System Center 2012 R2

from Exchange News Full Article

msexchange.org: Microsoft Azure (IaaS) Cost Estimator Tool

from Exchange News Full Article

msexchange.org: Use PowerShell to Force Office 365 Online Users to Change Passwords

from Exchange News Full Article

msexchange.org: Garage Series Road Trip Dubai: Taking Project and OWA offline to the desert

from Exchange News Full Article

MSExchange.org: Product Review: QuadroTech PST FlightDeck

In this review, the author will explore PST FlightDeck from QUADROtech, a tool to help getting rid of PST files once and for all.



from Exchange News Full Article

MSExchange.org: Exchange 2013 Sizing Cheat Sheet (Part 1)

How to correctly size the different Exchange Server 2013 roles.



from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 12)

In this part of our article series we will focus on the Mailbox role side of things.



from Exchange News Full Article

msexchange.org: Exchange 2013: Recipient Filtering Agent (More Lessons in Proxy)

from Exchange News Full Article

msexchange.org: Cloud Ecosystem Poster: Microsoft Azure, Windows Server 2012 R2, System Center 2012 R2

from Exchange News Full Article

msexchange.org: Microsoft Azure (IaaS) Cost Estimator Tool

from Exchange News Full Article

msexchange.org: Use PowerShell to Force Office 365 Online Users to Change Passwords

from Exchange News Full Article

msexchange.org: Garage Series Road Trip Dubai: Taking Project and OWA offline to the desert

from Exchange News Full Article

msexchange.org: Use PowerShell for Office 365 Reporting

from Exchange News Full Article

MSExchange.org: Product Review: QuadroTech PST FlightDeck

In this review, the author will explore PST FlightDeck from QUADROtech, a tool to help getting rid of PST files once and for all.



from Exchange News Full Article

MSExchange.org: Exchange 2013 Sizing Cheat Sheet (Part 1)

How to correctly size the different Exchange Server 2013 roles.



from Exchange News Full Article

msexchange.org: Connecting AD and Azure AD: Only 4 clicks with Azure AD Connect

We've heard consistent feedback that integrating your on premises identities with Azure AD is harder than it should be. There are too many pages of documentation to read, too many different tools to download and configure, and far too much on premises hardware required. We agree!



from Exchange News Full Article

EighTwOne: HCW 2013 Subtask CheckPrereqs execution failed

A quick heads-up on the Hybrid Configuration Wizard (HCW) in Exchange 2013, which is broken. The HCW in Exchange 2010 does not have this issue.

The HCW is needed when you want to configure or maintain your Exchange 2013 Hybrid configuration. When checking the prerequisites, the Exchange 2013 HCW may throw the following error message:

Subtask CheckPrereqs execution failed: Check Tenant Prerequisites
Deserialization fails due to one SerializationException: 
Microsoft.Exchange.Compliance.Serialization.Formatters.BlockedTypeException: 
The type to be (de)serialized is not allowed: 
Microsoft.Exchange.Data.Directory.DirectoryBackendType

The issue has been documented in KB2988229. An Interim Update is available, as reported here. The IU is available for Service Pack 1 (CU4) and Cumulative Update 5. Unfortunately, the IU is not available publicly but must be requested by contacting support. The fix will be incorporated in Exchange 2013 Cumulative Update 6.

If you must, you can use Exchange fellow Steve Goodman’s instructions documented here to manually configure Hybrid configuration. Be advised that, as Steve also points out, the support status of your Exchange Hybrid deployment depends on being able to run HCW successfully.

Filed under: Exchange 2013 Tagged: Exchange2013, Hybrid, Office365



from Exchange News Full Article

msexchange.org: New Office 365 admin tools

I know lots of you have been waiting for this :)



from Exchange News Full Article

msexchange.org: Use PowerShell to Create Bulk Users for Office 365

Summary: Microsoft Scripting Guy, Ed Wilson, talks about creating bulk users in Office 365.



from Exchange News Full Article