SSL certificate errors on Outlook for Mac caused by Outlook bug

Outlook 2016 for Mac has a bug in it that causes Outlook to show a security error when connecting to an Exchange server even when the Exchange server and all parts are properly configured.  This post will talk about what the error looks like and how to make the error disappear.

When opening or configuring Outlook for Mac that connects to an Exchange account, users will get an error like this:

You can hit "continue" to get through the error, but to remove the error forever more . . .

Hit "Show Certificate"
Check the box for "Always trust"
Hit Continue
Enter your password at the prompt that comes up.

Using a Windows Server as an authenticated relay server to Office365

If you've got an on-premise device that doesn't support TLS and you're on Office365 (or other outsourced Exchange), you're in a bind.  Most of the info here comes from this article:

http://www.configureoffice365.com/configure-office-365-smtp-relay/

I'm copying and pasting parts of it below, simplifying parts, and adding my own hints.  This presumes Windows Server 2008.  Some Windows 2012 steps are here.

Part 1 - Add IIS if not already installed

1. In Server Manager, select Add Roles.
2. On the Select Server Roles page, select Web Server (IIS) and select Install.
3. Select Next until you get to the Select Role Services page.
4. In addition to what is already selected, make sure that ODBC Logging, IIS Metabase Compatibility, and IIS 6 Management Console are selected and then select Next.
5. When you’re prompted to install IIS, select Install. You may need to restart the server after the installation is finished.

Part 2 - Install SMTP

1. Open Server Manager and select Add Features.
2. On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
3. Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).

Part 3 - Add TLS certificate

1. Office 365 requires TLS encryption and for this server to use TLS, it must have a certificate installed. 
2. In order to do this the Web Server (IIS) role and IIS Management Console must be installed (needs to be added via Server Manager -> Add Roles).  
3. To create the self-signed certificate: (Start->Administrative Tools->Internet Information Services (IIS) Manager->Select Host->Server Certificates->Create Self-Signed Certificate)

Part 4 - Configure SMTP server relay

1. Start->Administrative Tools->Internet Information Services (IIS) 6.0 Manager.
2. Click on the ‘+’ next to your host name.
3. Right-click on the [SMTP Virtual Server…] and select Properties. It’s now time to step through each of the tabs to configure the SMTP relay.
4. General Tab: The IP address should be set to (All Unassigned)
5. Access Tab: Click Authentication… and select the Anonymous access check box.
6. Access Tab: Click Connection… Select ‘All Except the list below’ and leave the list below blank. This allows any device inside your firewall to access this relay.
7. Access Tab: Click Relay… Select ‘All Except the list below’ and leave the list below blank. This allows any device inside your firewall to access this relay.
8. Messages Tab: No changes. The default works well.
9. Delivery Tab: Click Outbound Security… Select Basic authentication and enter the username and password that is used to send e-mail to the external server (Office 365 in this case). The user name must be a fully qualified (ex: user@companyname.com) valid Office 365 user licensed for Exchange. Check TLS encryption.
10. Delivery Tab: Click Outbound connections… Set the TCP port to 587.
11. Delivery Tab: Click Advanced Delivery and set the Fully-qualified domain name box to the name of the local server that is acting as the relay (ex: myserver1.domain.local). Set the Smart host the full-qualified name of the Office 365 SMTP Server (as of 8/6/14 - this is smtp.office365.com in all cases). Make sure the “Attempt direct…” box is unchecked.
12. LDAP Routing and Security Tabs: No changes to these areas.
13. Now there has to be a remote domain setup with the Office 365 domain name in it. Click the ‘+’ next to the [SMTP Virtual Server…] item
14. Right-click on Domains and select New-Domain which will launch a Wizard.
15. Select Remote and Next.
16. Enter the name of the Office 365 vanity domain (ex: mycompany.com)
17. Now this remote domain will be setup very similarly to the overall SMTP server. Right-click on the new domain name and select Properties.
18. Select Forward all mail to smart host and enter the same Office 365 SMTP Server as above (ex. smtp.office365.com)
19. Click on Outbound Security and configure the same as above. Select Basic authentication and enter the username and password that is used to send e-mail to the external server (Office 365 in this case). The user name must be a fully qualified (ex: user@companyname.com) valid Office 365 user licensed for Exchange. Check TLS encryption
20. Repeat steps 14 through 19 where step 16 is *.com for the domain
21. Repeat steps 14 through 19 where step 16 is *.org for the domain

Part 5 - Configure the on-premise device

1. Configure the on-premise device (copier, phone system, etc) with the IP address for the Windows server you have been working with as the SMTP server
2. For email address, enter the same address you entered in Part 4 step 9
3. Use port 25 and no authentication of any kind and no SSL or any other kind of encryption

Troubleshooting tips

• Make sure the firewall on the Windows server allows connections on port 25.  A good test is "telnet 10.0.0.18 25" where 10.0.0.18 might be the IP address of the server you're using as the relay
• I've seen instances where the first emails can take up to 90 minutes to relay.  I cannot explain this.  But it is true.
• As a test, try using Windows Mail or Outlook as a test mechanism.  If it succeeds through your test program, it's just a matter of configuring your device (copier, etc) properly
• On the relay server, there can be error messages located here if things aren't coming through after 90 minutes - C:\inetpub\mailroot\Badmail

Moving Legacy X.500 addresses to Office 365 from on-premise servers

I migrated from SBS 2003 to Office365, but I didn't use one of the standard method.  I recreated the users in the cloud and impored PSTs via Outlook.  This works fine except for the problem with internal routing where internal addresses use X.500 addresses and generate NDRs when sending to internal staff.

This is a helpful article on using the NDR text to create the X.500 address, though I found its instructions not quite right.

http://support.microsoft.com/kb/2807779

In my case, I found a slight adjustment needed to make it work.

Let's say you're getting an NDR that says:
IMCEAEX-_O=DOMAIN_OU=FIRST+20ADMINISTRATIVE+20GROUP_CN=RECIPIENTS_CN=JSMITH@namprd07.prod.outlook.com

For the user jsmith, create a new Exchange email address with a type of X500 (no period in the type - it is X500 not X.500), and enter the value with adjustments as suggested by MS in the article above:
Replace any underscore character (_) with a slash character (/).
Replace "+20" with a blank space.
Replace "+28" with an opening parenthesis character.
Replace "+29" with a closing parenthesis character.
Delete the "IMCEAEX-" string.
Delete the "@mgd.domain.com" string.
Add "X500:" at the beginning.

It looks like this.  It takes 5 to 10 minutes or so from when you add the email alias until it works, but it does work when you do it.

As an example, I turned this:

IMCEAEX-_o=ExchangeLabs_ou=Exchange+20Administrative+20Group+20+28FYDIBOHF23SPDLT+29_cn=Recipients_cn=e0c06d4eee7e4ec8b8a38d105ca7793c-joe@namprd08.prod.outlook.com

into this:

/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e0c06d4eee7e4ec8b8a38d105ca7793c-joe

In the case above, I moved an Exchange mailbox from one account to another (via exporting the old mailbox to PST and importing into a new mailbox on a new account).

display shared Exchange calendars on an iphone/Droid

I'm documenting a solution for display shared calendars (for example your boss's calendar) on an iphone/Droid.  I tried this via two Office365 accounts (on two different domains), and it worked well.

Links to explain the process:
http://www.stevieg.org/2010/11/shared-exchange-calendars-on-ios-devices/

http://community.office365.com/en-us/f/158/t/13878.aspx

In essence, you share your boss's Exchange calendar as an iCal calendar (this does require a publishing process via right clicking on the calnendar and choose Share -> Publish this calendar).  In my tests, a web link to an .ICS files was created.  Send to the employee and the iphone (in my tests) will properly interpret the link as a shared calendar and add it as a calendar in calendars.

The name cannot be matched to a name in the address list for a valid user - Exchange 2010

In some cases, I hide old users in Exchange Management Console so they don't appear in the global address list.  I had done that with a certain user, and I kept trying and trying to no avail to configure his Outlook.  I kept getting "The name cannot be matched to a name in the address list for a valid user."  I could log in to webmail for the user, and I could log on to a laptop as the user with no trouble - but Outlook could not find the user during mailbox setup/configuration.

The error:

The solution (uncheck "hide from Exchange address lists")

removing "copy" from calendar appointments after importing calendar

Sometimes when importing a calendar into another Outlook calendar, most or all of the appointments will say "copy" before the appointment title.  A VB script that gives a fix is here:
http://answers.microsoft.com/en-us/office/forum/officeversion_other-outlook/importing-pst-outlook-calendars-subject-title-adds/c58ccd50-451d-4519-a1c9-f0d2491abba8

Recreated here for reference:

1. Press Alt+F11 which will open the VBA window. 
2. In the left pane, navigate to Project1-MS Outlook Object and double-click 'ThisOutlookSession'.
3. Paste the code into the window in the right pane (code below)
4. Press the green arrow button to execute the code.

Code to enter in step 3 (above):

Sub FixCopy()
Dim calendar As MAPIFolder
Dim calItem As Object
    
Set calendar = Application.GetNamespace("MAPI").GetDefaultFolder(olFolderCalendar)
        
Dim iItemsUpdated As Integer
Dim strTemp As String

iItemsUpdated = 0
For Each calItem In calendar.Items
    If Mid(calItem.Subject, 1, 6) = "Copy: " Then
      strTemp = Mid(calItem.Subject, 7, Len(calItem.Subject) - 6)
      calItem.Subject = strTemp
      iItemsUpdated = iItemsUpdated + 1
    End If
    calItem.Save
Next calItem

MsgBox iItemsUpdated & " of " & calendar.Items.count & " Items Updated"

End Sub

EMail hosting options for the small business for late 2012

Email hosting options have changed drastically in the last couple of years.  This post will cover the three main options I see for a company of 20 employees.  I'll lay out the costs as well so that companies with larger or small numbers of employees can make their own analyses.

I see three main options for corporate email hosting:
1) internal Exchange hosting
2) Hosted Exchange
3) Google Apps

Each has their own pros, cons, and costs which I will go over here.

Internal Exchange hosting:
For a long time, hosting Exchange internally was the only cost effective way to get Exchange.  When it cost more than $30 per user per month to get 2 GB of mailbox storage when hosting externally, it seemed like a no-brainer to get in-house Exchange for $8k to $12k.  For some people, internal Exchange hosting is still preferred.

Pros:

• you have complete control over your data (required for some law firms)
• you can open your Outlook in your terminal server
• Mailbox sync with the server when in the office is lightning fast
• you have full ability to customize your server with no limitations
• costs are generally one-time fees for hardware/software purchase and not ongoing and internal hosting is often cheaper over the long run (definitely the case for single server implementations as if often the case with small businesses)

Cons:

• implementation costs nearly double to get redundancy (redundancy typically requires two servers)
• anti-spam options are generally not as good for internal hosting options as they are for external hosting options
• problems (whether they be internal like a hardware failure or software crash or external like an ISP outage or power problem) can lead to long periods of time without email particularly if IT support is outsourced

Costs:
If we're talking about a company of 20 users, I'd say you could get a server for $8k that would suffice and handle up to 75 users.  Then I'd personally get Windows SBS 2011 for $750 (includes 5 licenses) and approximately $60 per license for the next 15 licenses.  We'd also want to get anti-spam software.  My current favorite is Vamsoft ORF.  For an SBS server, the price is $375.  Let's also add 20 hours of IT support time to build the server and 2 hours per month to maintain the server at a cost of $125 per hour (a total of 44 hours).  In total, we're looking at $15,525 for the first year and approx $3000 per year thereafter (24 hours of IT support at $125 per hour).  I might also include $240 per year in costs for online backup at ibackup.com in recurring costs and two 2 TB USB hard drives for on-site backup at a cost of $250 in one time costs.  So in total, I'd say we're looking at $15,775 for the first year.  Recurring annual cost beyond the first year is $3240.


Hosted Exchange:
In 2007 or so, the hosted email world was dramatically changed by the release of Google Apps.  Google began offering 25 GB mailboxes for $5 per mailbox per month.  Because they offered  comparable Exchange functionality at a *much* lower price point, Google destroyed the pricing structure that all outsourced Exchange hosts were using at the time.  It took years, but Microsoft itself finally caught up in mid-2011 with their hosted Exchange product, Office365.  In my mind, there is only one Office365 plan that small businesses should look at, the Hosted Email (Exchange Online) plan for $4 per user per month (plus tax) for a 25 GB mailbox.  This option provides all the important features of hosted Exchange that the more expensive plans offer.

Pros:

• servers where email are hosted are maintained by world class tech support in state of the art data centers
• email servers are redundant
• upgrades are automatic with no additional costs
• there is no hardware to buy or maintain
• spam filtering is state of the art
• virtually unlimited storage

Cons:

• More advanced configuration changes need to be made via Exchange Shell, not a GUI
• using Outlook in a terminal server will be too slow to be usable, will require webmail in a terminal server
• Support response time for mail server issues is not anywhere near as fast as a qualified local sysadmin/consultant

Costs:

An organization of 20 users would require 20 mailboxes at $4 per mailbox per month.  At $80 per month, annual cost would be $960 per year.  The transition to the hosted Exchange would probably take an hour per user.  Let's average 45 minutes of support for Exchange per month for a total of 9 hours per year at $125 per year.  First year cost - $4585 ($960 for hosting and 29 hours of labor at $125 per hour).  Recurring annual cost beyond the first year is $2085.

Google Apps:

Google Apps email service is a very good service.  I consider it the only real alternative to Exchange that exists in the corporate email world.  There are isolated cases where I might put in a POP solution, but I recommend against it and do my very best to only ever implement Exchange or Google Apps.  Google recommends using Google from within Google Chrome - and actually using the web browser to manipulate your calendar, contacts, and email.  The experience in Chrome is good, but in the corporate world, most employees are used to (and prefer) Outlook.  Luckily, Google makes a plugin that allows you to have full functionality (email, calendar, and contact synchronization) in Outlook for the PC.

Pros:

• familiar Google interface for those who like that interface when working within the browser
• works very well when staff user Outlook for the PC
• servers where email are hosted are maintained by world class tech support in state of the art data centers
• email servers are redundant
• upgrades are automatic with no additional cost
• there is no hardware to buy or maintain
• spam filtering is state of the art
• virtually unlimited storage

Cons:

• requires using the browser when working on a Mac (IMAP is available for programs, but that doesn't allow calendar and contact synchronization)
• unable to use Outlook inside a terminal server, will require using webmail
• sharing calendars and contacts between users requires going into webmail (cannot be done in Outlook like it can be in Exchange)
• Support response time for mail server issues is not anywhere near as fast as a qualified local sysadmin/consultant

Costs:

An organization of 20 users would require 20 mailboxes at $5 per mailbox per month.  At $100 per month, annual cost would be $1200 per year.  The transition to the hosted Exchange would probably take an hour per user.  Let's average 45 minutes of support for Google Apps per month for a total of 9 hours per year at $125 per year.  First year cost - $4825 ($1200 for hosting and 29 hours of labor at $125 per hour).  Recurring annual beyond the first year is  $2325.

sending as an alias on an Exchange server

There's no easy way to send as one of your aliases on an Exchange server. Let's say your primary email address is dave@abc.com with two aliases of helpdesk@abc.com and dave@xyz.com. Logic would say that you could add the FROM field in your Outlook message and put in one of your aliases. Well, this doesn't work.

There are two workarounds to allow you to send as your aliases. I'll describe them both and give links on how to implement them:

1) create a POP3 account in the local Outlook that does not ever actually POP anything and uses the SMTP info for the Exchange server and the email address for the alias

http://www.messageops.com/office-365-tools-resources/sending-as-secondary-alias-in-microsoft-exchange-online/

2) create a distribution list with a single member (the user). Assign send as permissions to that mailbox for the user and then the user can use the FROM field. The down side is that you might be adding many different fake distribution lists for each time a user needs to send as an alias.

http://blogs.technet.com/b/msonline/archive/2010/02/23/notes-from-the-field-support-for-multiple-aliases.aspx

Both solutions are lame, but I'll be implementing option 1 from this point forward.

configuring VAMSoft ORF anti-spam on an Exchange server

If I was to rank spam software for Exchange servers, I'd rank them this way:

1) Postini and other off-site similar services

2) GFI Mail Essentials

3) VAMSoft ORF

However, ORF costs way less. As of August 2011, ORF is $249 for the first year and then $99 each year thereafter. This is for unlimited users.

Also, ORF requires minimal configuration, which I'll go over here.

After installing ORF, the first change I make is to add an external DNS server. I add Google's public DNS, 8.8.8.8 as seen here:

The next thing I do is enable the tests I like. Unfortunately, before I did the installation where I took these screen shots, I didn't track which tests I enabled. It's only three or four tests, but here is a screen shot with all the tests I enabled after I had enabled them:

In the test for DNS blacklists, I enable SpamHaus Zen and SpamCop:

The last change I make is to add URL blacklists. I have it check the combined SURBL list and uribl.com blacklist.

After making those changes, click Configuration -> Save Configuration. Then go to Information -> Status Information and choose Start to start the ORF service.

Separately, I also disable any other spam filters. Almost always, I'm replacing the built in spam features in Exchange. I open Exchange Management Console and go to the various hub transport modules and disable any and all spam tests in the anti-spam tab.

google app migration thoughts from small Exchange domain

I did my second organization wide (only 8 users) migration from Exchange to Google Apps over the weekend, and I thought I'd just summarize what I saw what I think are best practices for a migration.

1) Check with necessary staff to make sure you have a complete list of all mailboxes, aliases, and distribution lists you need.

2) Create all accounts before any other processes.

3) investigate the size of mailboxes you are migrating. One of the mailboxes I was migrating was 11.5 GB (he intentionally didn't want it to archive). It took 70 hours to download and upload using my home FIOS. In my case, I would rather have gotten his Exchange data on the LAN instead of the 33 hours it took to download the data from the server. I'd say it's pretty important to plan bandwidth utilization as it's very easy to choke up the bandwidth with a large upload. Ideally, you're uploading one mailbox at a time over the fastest upstream internet connection you have available to you.

4) alter the MX records (ideally on a Friday night)

5) wait at least 12 hours for DNS records to change so all mailboxes on the Exchange server are static and are not longer receiving an email

6) begin uploading data from the fastest internet connection possible - or multiple connections - if you can - I've had one instance where I've had trouble with the Google Sync for Outlook - https://tools.google.com/dlpage/gappssync - though I still think it's the preferred tool. Another option for uploading mail, which doens't seem any quicker and still allows you to upload only one mailbox at a time is the Google Apps Migration for Microsoft Outlook tool here - http://tools.google.com/dlpage/outlookmigration. The problem I had with the migration for Outlook tool was that it wasn't naming the labels/folders correctly. If you had a label folder of Inbox/General - it showed up as PSTNAME/Inbox/General and not as a subfolder of inbox. Strange - though easily fixed. I guess the real difference between the two is whether an admin is doing it or if it's being done on the user's computer. On an admin's computer, he/she can use the Google migration tool to upload a PST file while he/she has his own Outlook open. For a user on his/her computer, you'd want Google Apps sync so Outlook would be usable while the data is uploading. Though from personal experience, you don't want people uploading data during the daytime. It can completely choke off your upstream bandwidth.

7) emulate functionality as best you can of Outlook using these options:

a) enable iphones to use ActiveSync -> as a Google admin -> Service Settings -> Mobile -> Turn on Google Sync

a) set up iphones using this link for instructions - http://www.google.com%2fsupport%2fmobile%2fbin%2fanswer.py%3fanswer%3d138740%26topic%3d14252

c) enable calendar sharing using these instructions - http://mail.google.com/support/a/bin/answer.py?hl=en&answer=170958

d) enable users to allow delegation of their accounts - as a Google admin -> Service Settings -> Email -> Let users delegate access to their mailbox to others in the domain. (of note - this seems to be available in the premier version but not the education edition as of 11/15/10)

e) tell users how to delegate their mailboes using these instructions - http://mail.google.com/support/bin/answer.py?answer=170957

8) make sure each computer is set up properly with Outlook configured for the google apps account (using Google Apps Sync at https://tools.google.com/dlpage/gappssync). Set it up as the default profile and also rename the NK2 file so that the autofill address book is retained.

a) be aware that the autofill address book will contain some old Exchange specific addresses that will fail when sending from google apps. As such, it's probably best practice to manually open a new message on the computer and delete each user on the Exchange/Google server since each entry was probably an X400 address and wouldn't work on the Google Apps server and will just cause confusion.

Windows Server Backup - Exchange backup fails at consistency check

I have a single server setup where the server runs Windows Server 2008 R2 and Exchange 2010. The backup kept completing with warnings saying that the consistency check failed for Exchange.

EDIT - the steps from my original post below also work. But a much easier solution is to enable circular logging on the Exchange database that is failing. Then mount and dismount then Exchange database. All the logs will disappear. Get a good backup and then disable circular logging.

Original post below:

I'd also get event log errors saying that certain log files were missing. There was a point where I had deleted some log files to address space issues. And since the backup wasn't finishing, the log files kept failing to get flushed.

I doubt this is the advisable way to handle this, but this is what I did:

a) delete all log files

b) Backup all edb's.

c) Check shutdown status of your .EDB

eseutil /mh "Full Path to your EDB"

d) eseutil /p "Full Path to your EDB"

/p is hard-repair

e) eseutil /d "Full Path to your EDB"

/d is desfragment

f) isinteg -s servername -fix -test alltests **

** my isinteg would not run, but I was able to mount and run the databases without running isinteg. Not best practice, but it kept giving me references to a log file for isinteg that didn't seem to exist.

After running the eseutil commands, my database mounted and I was able to get a good backup.

Tool for message tracking in Exchange 2010 is now called "Tracking Log Explorer"

I had been getting very frustrated with the tracking tools in Exchange 2010 as message tracking kept leading me to the Outlook Web App web interface, which I find unhelpful.

But then I found that what I'm used to seeing as Message Tracking is now called "Tracking Log Explorer" and near the same location.

Open Exchange Management Console -> Tools -> Tracking Log Explorer

It works the same was as Message Tracking in Exchange 2007

script to move Exchange servers in Outlook profiles

I haven't tested this yet, but I found what looks to be a very useful script for adjusting Outlook profiles when you need to alter the Exchange server if the change wasn't made automatically during a typical Exchange mailbox move.

An example is when I did my SBS 2008 migration from SBS 2003. I found that my Outlook profiles did not update automatically. The script from this blog post would have been immensely helpful:

http://davedolan.com/blog/?p=83&cpage=1#comment-121612

sending spam to junk email folder on Exchange 2007/2010

When configuring actions on detected spam on Exchange 2007 and 2010, there is no option to send it to the junk email folder when configuring it on the EMC. This is absurd. It looks like this (shown here are the actions on the content filter):



As stupid as it is, the way you can configure an SCL to be sent to the junk e-mail folder is through the PowerShell.

This command will send all junk with an SCL of 4 or higher to junk e-mail:

Set-OrganizationConfig -SCLJunkThreshold 4

I put this command on all my Exchange servers. I also disable all outright rejection of spam. Users hate it when legitimate email gets rejected. All spam goes into the junk email folder.


More info on this issue is located here:
http://technet.microsoft.com/en-us/library/bb738127(v=exchg.80).aspx

viewing mailbox size in Exchange 2007

There isn't a GUI method (as far as I can tell) for viewing mailboxes sizes. This page talks about a powershell command to show mailbox sizes:

http://www.exchangeninjas.com/MailboxSizeReport

setting up autodiscover SRV records for SBS 2008 for complete functionality (including out of office assistant)

Exchange 2007 (and 2010) rely on DNS for certain functionality more than Exchange 2003 did. Particularly, I mean the autodiscover record.

A great example is the out of office assistant. This will not work on your Exchange 2007 box unless you have your autodiscover information set properly.

There are a couple ways to do set it up, but I'll cover what seems to be the easiest and least costly way - the SRV record.

Some nameservers support SRV records, and some don't (it's different from an A, MX, or CNAME record) - which is where it can get weird, but presuming you have a nameserver that does, you can set up an SRV record with these properties:

Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: remote.yourdomain.com

Once that record propagates, your autodiscover will work properly (because SBS autocreates the appropriate information at remote.yourdomain.com/autodiscover)

There are other options like getting an SSL certificate that encompasses autodiscover.domain_name.com - but that requries more cost and isn't really necessary.

If you can create the SRV record with your nameserver, that's the best method in my opinion.

If you'd like to check on the status of an SRV record, you can follow these instructions or use Microsoft's site at https://www.testexchangeconnectivity.com

Hopefully, this will help someone. As I was investigating why my out of office assistant wasn't working, I feel like all the resources available to me were pretty vague about what was needed and how to go about it.

UPDATE:
A good tutorial from Susan Bradley is here (which includes screen shots of setting up an SRV record on godaddy's DNS).

Installing, Administering, and Using the Microsoft Exchange Server ActiveSync Web Administration tool

A client asked me today if I could delete her Outlook data from her iphone if it was stolen. The answer is yes - though I advised her that a password to access the iphone is the best protection she can have. To remotely wipe an Exchange Activesync device, you need to use the Exchange Server ActiveSync web administration tool.

Here's a good tutorial on installing and using that tool:
http://www.msexchange.org/tutorials/Exchange-2003-Mobile-Messaging-Part3.html

Configuring Trusted SMTP Relay in Exchange on SBS 2008

Here are instructions for creating an SMTP relay on SBS 2008 (remote clients who don't use Exchange that you want to send through the Exchange server via SMTP with authentication):

http://blogs.technet.com/sbs/archive/2008/09/18/how-to-configure-trusted-smtp-relay-in-exchange-on-sbs-2008.aspx

whitelisting IPs in Exchange 2007 to bypass content filter

There are two places to adjust the anti-spam filter in Exchange Management Console. One place is in Organization Configuration -> Hub Transport.

But that doesn't help if you want to whitelist an IP address. You have to use the other anti-spam location in Server Configuration -> Hub Transport.

It looks like this:

Exchange 2007/2010 sending emails in RTF and winmail.dat attachments

Just corrected a stupid issue on an Exchange 2007 server where my users were sending emails to external recipients in rich text format (RTF) - even though the users were specifically choosingto send emails in HTML format. And part of what makes RTF a terrible format for email is that non-Outlook users receive all emails as winmail.dat files - which is how this problem presented itself. There is a setting in Exchange 2007/2010 where messages sent to certain external recipients in certain situations will always be converted to RTF no matter what the original format the message was sent in.

After investigating, I found this to be DEFAULT behavior in this scenario:
1) you are sending to an external contact defined in Exchange Management Console
2) the contact you are sending to does not use Outlook

To resolve it, you need to edit the properties of the contact. There is a field on the general tab for "Use MAPI rich text format." It should be changed from "use default settings" to "never"


You can also fix this universally for all users (by changing the default settings) in EMC > Organization configuration > hub transport.  On the Remote Domains tab, right click on Default and choose Properties.  Click on the message format tab and choose "Never use"