Category Archives: Exchange2013

Configure Text Messaging Delivery in Exchange 2013

With the text messaging delivery option we can route text messages to users' mobile phones and notify them whenever a new email or meeting request reaches the user's mailbox.

In this article we will look at the steps to configure text messaging in Exchange 2013.

First, let's look at the functionality and the components involved in the text messaging delivery option.

In the categorizer, Exchange first stamps the text messages with the local email address phonenumber@domain.com for each user who has this option enabled.

Text messaging delivery relies on two transport agents that work on the message categorization part:

  • Text Messaging Routing Agent
  • Text Messaging Delivery Agent

These two agents work with the help of a dedicated connector, DeliveryAgentConnector, which is enabled by default from Exchange 2010 onward.

We can see this connector by running the command below:

Get-DeliveryAgentConnector | fl

Once these two transport agents have processed an email for a user whose notification needs to reach a mobile device, they hand the job over to EWS. EWS has a component called TextMessagingEnabled, which verifies whether this parameter is enabled on the OWA virtual directory. If the option is enabled, the text message is transferred via EWS to the public IP address. It reaches the user's telephone service provider and is then delivered to the user as a message notification.

 

Below are the steps to configure the text messaging delivery option.

The first step is to check whether the text messaging option is enabled on the OWA virtual directory of the CAS servers.

Run the command below to check whether it is enabled:

Get-OwaVirtualDirectory | Ft Servername,TextMessagingEnabled

To enable text messaging on all CAS servers, run the command below:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -TextMessagingEnabled $True

To disable text messaging on the CAS servers, run the command below:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -TextMessagingEnabled $False

Next we need to ensure that the transport agents are enabled; only then will the text messaging option work.

Run the command below to check whether both agents are enabled:

Get-TransportAgent

If you find them disabled, run the commands below to enable them:

Enable-TransportAgent -Identity "Text Messaging Routing Agent"

Enable-TransportAgent -Identity "Text Messaging Delivery Agent"

Now run the command below to check that the delivery agent connector is enabled and that the delivery protocol to mobile is enabled:

Get-DeliveryAgentConnector | fl

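The three server-side checks above can be run in one pass. This is an added example, not part of the original article: the function name Test-TextMessagingReadiness is hypothetical, and it only reads the settings named above without changing them.

```powershell
# Added example (not from the original article): read-only check of the server-side
# prerequisites for text messaging. Run it in the Exchange Management Shell.
# Test-TextMessagingReadiness is a hypothetical function name.
function Test-TextMessagingReadiness {
    $findings = @()

    # 1. TextMessagingEnabled must be True on every OWA virtual directory.
    foreach ($vdir in Get-OwaVirtualDirectory) {
        $findings += [pscustomobject]@{
            Check  = 'OWA TextMessagingEnabled'
            Target = [string]$vdir.Identity
            Ok     = [bool]$vdir.TextMessagingEnabled
        }
    }

    # 2. Both text messaging transport agents must be present and enabled.
    foreach ($name in 'Text Messaging Routing Agent', 'Text Messaging Delivery Agent') {
        $agent = Get-TransportAgent -Identity $name -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Check  = 'Transport agent enabled'
            Target = $name
            Ok     = [bool]($agent -and $agent.Enabled)
        }
    }

    # 3. A delivery agent connector for the mobile protocol must exist and be enabled.
    $mobile = @(Get-DeliveryAgentConnector | Where-Object { $_.DeliveryProtocol -eq 'mobile' })
    if ($mobile.Count -eq 0) {
        $findings += [pscustomobject]@{
            Check  = 'Delivery agent connector'
            Target = '(no connector with DeliveryProtocol mobile)'
            Ok     = $false
        }
    }
    foreach ($connector in $mobile) {
        $findings += [pscustomobject]@{
            Check  = 'Delivery agent connector'
            Target = [string]$connector.Name
            Ok     = [bool]$connector.Enabled
        }
    }

    $findings
}

# List every check, then only the ones that still need attention.
$result = Test-TextMessagingReadiness
$result | Format-Table -AutoSize
$result | Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

Because the script changes nothing, it can also be used to confirm that text messaging is switched off everywhere when the organization does not want mailbox content relayed to mobile operators.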

We are done with the configuration on the server side. We now need to enable this option for the end user through OWA. Follow the steps below.

Log on to Outlook Web App as the user for whom we need to enable this functionality and click Options.

Now click Phone and then click Text Messaging.

Select the Turn on Notifications option.

Choose the mobile operator locale.

Choose the mobile operator.

Enter the phone number.

Enter the passcode sent to your mobile.

Click Finish and we are done configuring text messaging notifications for the user.

Note:

The end user will be charged by his mobile operator for each and every notification that he receives on his mobile device.

Thanks
Sathish Veerapandian

Details Template Editor Exchange 2013

The Details Template Editor is used to modify or add extra information in the properties of objects that are accessed through the GAL.

For example, if the company demands a column called Block or Cabin number to be added for each and every user's mailbox and displayed via the GAL, we can use the Details Template Editor to create new columns for it. Then, when a user resolves any mailbox from the GAL and opens its properties, he/she will be able to see the created entries (e.g. Cabin number or Block).

In this example we will see how to create an additional column for Building Block, which needs to be populated and visible in the user properties when end users open them from the GAL.

Details templates can be modified by using the Exchange Toolbox as well as the Exchange Management Shell. We will look at how to modify them with the Exchange Toolbox.

Go to Start, All Programs and open Exchange Toolbox.

Unlike in Exchange 2010, we have only three configuration management tools, as below. Open Details Template Editor.

 

 

Select the preferred language and the template type to which we need to add the new columns.

There are multiple template types (Contact, User, Group, Public Folder, Mailbox Agent, etc.), so ensure that you choose the correct template type.

 

 

It then opens the editor page, as below.

Here we have two options on the left:

Group Box – When we double-click this option, it creates a new empty box where the specified value is entered.

Label – A unique name defined for the newly created group box (such as Department or Alias, as shown in the picture above).

Now double-click Group Box on the left; it creates a new empty column where the value needs to be displayed.

In the editor pane on the right we have the layout height and width adjustment options, with which we can alter the values and make the box look uniform with the other group boxes.

Now create a new label box by double-clicking the Label icon and drag it to the newly created group box.

In my example I'm entering the value Block in the text. You can enter the desired value to appear in the GAL object.

 

We are done with creating the template. Now we need to assign an attribute to the newly created group box, since no attribute is linked to a newly created group box.

Do the steps below to link an unassigned attribute to the newly created group box.

In the editor pane on the right, select any one of the unassigned attributes.

Once done, click File, where we have an option called Save.

Run the command below to populate this value for any user via the GAL, where CustomAttributeN stands for the custom attribute (CustomAttribute1 to CustomAttribute15) that was selected in the editor:

Set-Mailbox Usermailbox -CustomAttributeN "specify the value"

In my example I'm setting this value for the Exchangequery mailbox:

Set-Mailbox Exchangequery -CustomAttribute10 "B"

 

 

Note: By default this new value will not be created for any user or displayed in the GAL. We need to run the above command for the users whose value should be displayed in the GAL.

Now we can see that this value is populated for the user we have set. It is displayed in Outlook when we view the properties of this user: the new entry Block appears with the value B.

 

We can edit details templates using the Exchange Management Shell as well.

We can use the command below to see the accepted property types in a details template:

Get-DetailsTemplate | Get-Member

We can run the command below to see the examples:

Get-Help Get-DetailsTemplate -Examples

To get detailed information we can use the parameter below as well:

Get-Help Get-DetailsTemplate -Detailed

It's better to use the Exchange Toolbox for creating a new details template, since there are multiple attributes involved and the Details Template Editor is much more user friendly. We can use the Exchange Management Shell to modify or add any entries for users in the assigned custom attributes.

We are done with creating custom entries for objects using the Details Template Editor.

Sathish Veerapandian

Custom Transport rules in Exchange 2013

By using transport rules in Exchange 2013 we can filter, inspect or block any confidential emails that match the conditions specified in the transport rule. This helps prevent leakage of sensitive data from the organization.

Transport rules, along with DLP and Policy Tips, can be used to give end users informational warning tips when they try to send emails that do not abide by the company policy.

In order to achieve this we need to create a transport rule first, then create an associated DLP policy, and then configure Policy Tips for it. We will look at how to do this with a small example.

The example below is a simple rule that helps us block any emails with attachments that have the character string invoice.

Open EAC – Go to Mail Flow – Select Rules

Click on the + sign to create a new rule – Give it a name

We have a scope to choose as well. In my example I'm selecting the option that the recipient is located outside the organization, so this applies to external users.

We can apply a condition to this rule by specifying a character string. In my case I'm specifying the name invoice, so that all emails which contain the string invoice will be sent for review and approval.

We can take the following action on the message that matches the criteria for invoice. In my case I'm forwarding the email for approval by the administrator.

We can add an exception too, excluding a few recipients who are entitled to send those messages, or even according to subject or a few other parameters, as shown below.
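The same rule can be created from the Exchange Management Shell. This is an added example, not part of the original article: the rule name, the approver and exempt sender addresses, and the choice to match on the attachment file name are assumptions made for illustration.

```powershell
# Added example (not from the original article): shell equivalent of the EAC rule above.
# Assumptions: rule name, approver, exempt sender, and matching on the attachment
# file name are illustrative values, not taken from the article.
$ruleName = 'Review outbound invoice attachments'   # hypothetical rule name
$approver = 'administrator@contoso.com'             # hypothetical approver mailbox
$exempt   = 'finance@contoso.com'                   # hypothetical sender allowed to bypass

# Create the rule only if it does not exist yet, so the script can be re-run safely.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -AttachmentNameMatchesPatterns 'invoice' `
        -ModerateMessageByUser $approver `
        -ExceptIfFrom $exempt `
        -Mode Audit `
        -Comments 'Outbound mail with invoice attachments goes to the administrator for approval'
}

# Audit mode only records what the rule would have done, which lets you confirm that
# it matches the intended messages before any mail is held for approval.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, Description

# When the matches look right, switch the rule on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

AttachmentNameMatchesPatterns takes regular expressions, so the plain word invoice matches any attachment whose file name contains it.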

 

We can further enhance this rule and notify end users before they send any emails which do not meet the company policy. This task can be accomplished with the help of Policy Tips.

Policy Tips are informative messages displayed to end users in OWA, Outlook and OWA for Devices before they send any offending content.

They function similarly to MailTips: an informational message is given to the user when he/she tries to add an attachment, such as a PDF file, which the organization restricts from being sent to external users by email. This way users come to know that this kind of email is not allowed and they can abide by the rules.

Policy Tips work along with DLP, so an associated DLP policy should also be created.

To create a custom DLP policy

Open EAC – Click Compliance management – Select Data Loss Protection – Select New Custom DLP Policy

Now give it a name and specify the description.

Set the state to enabled, choose the option Test DLP policy with Policy Tips and click Save.

Now click on the DLP policy created and click Edit.

Select Rules – You can create a new rule.

In my case I'm selecting the rule option to notify the sender when sensitive information is sent outside the organization. You can create a new rule or use an existing one which matches your criteria, then click Save.

To edit Policy Tips

Click Edit on the custom DLP policy and select Manage policy tips.

Click on the Notify the sender option.

Select the locale language.

Then specify the text message that needs to be displayed to the end user when he/she tries to send an email which matches our transport rule, DLP policy and Policy Tips.

Below is an example of the Policy Tip notification.

Note: If you are using Policy Tips for SSNs, passport numbers or credit card numbers with the already existing DLP templates, then the Policy Tips will be triggered only for valid passport numbers, credit card numbers and SSNs.

Sathish Veerapandian

Steps to configure IRMS in Exchange 2013

Information Rights Management Service (IRMS) is a built-in messaging policy feature which is available from Exchange 2013. It works along with transport rules to secure all the sensitive email in transit in our organization.

By using IRMS we can inspect any sensitive email content with the help of transport rules, encrypt it and then provide secure access only to the required users.

IRM agents are built-in transport agents. However, when we run Get-TransportAgent the IRM agents are not visible, because most of the built-in transport agents that come with the installation are not shown by Get-TransportAgent and are unmanageable from PowerShell.

IRMS works with the help of ADRMS, an information protection technology introduced in Windows Server 2008. ADRMS uses Extensible Rights Markup Language (XrML) certificates to certify users and computers. We need to have AD RMS installed to use this IRM functionality.

 

By using IRM the following actions can be taken:

  1. Restrict confidential email so that it is sent only to the right recipients; other recipients can be blocked.
  2. Prevent forwarding a confidential message to other recipients.
  3. Prevent copying and pasting a confidential message.
  4. Prevent printing a confidential message.

IRM requires licensing to work along with ADRMS. When we enable IRM, prelicensing is enabled by default.

There is a prelicensing agent which acts in the categorizer of the transport service on the Mailbox server and attaches a prelicense to IRM-protected messages in OnRoutedMessage.

With this prelicense, which ADRMS issues by default for IRM-protected messages, end users can access these emails through Outlook in online/offline mode as well as through OWA and ActiveSync devices. As a result, the client does not need to send a license request to ADRMS each and every time it accesses these emails.

 

IRM works in the following clients:

Manually by Outlook users – By using the IRM functionality in Outlook. (This is client-side IRM from Outlook, and no IRM transport rule from the server is triggered in this scenario.)

Manually by Outlook Web App users – By using Web-Ready Document Viewing. (This is client-side IRM from Outlook, and no IRM transport rule from the server is triggered in this scenario.)

Manually by Windows Mobile and Exchange ActiveSync devices – This requires users to connect their supported Windows Mobile devices to a computer and activate them for IRM. (This is client-side IRM from Outlook, and no IRM transport rule from the server is triggered in this scenario.)

Automatically on Mailbox servers – Works with the help of transport protection rules from the server.

Note:

A message which is already IRM-protected by any client type, such as Outlook, OWA or ActiveSync, will not be IRM-protected again by transport protection rules, since it is already protected. IRM works purely with the help of ADRMS encryption, so the client-side IRM protection will already have been processed if a user uses the IRM functionality from Outlook or OWA.

 

IRMS works in the categorizer of the Mailbox Transport service in the following ways:

RMS Decryption agent – Decrypts messages to give transport agents access for inspection.

Transport Rules agent – An associated IRM transport rule inspects the email, marks it as an IRM-protected email and notifies the RMS Encryption agent.

RMS Encryption agent – Identifies the messages marked for IRM by the transport rule and then encrypts them for protection.

Prelicensing agent – Attaches a prelicense from the AD RMS cluster to IRM-protected messages in OnRoutedMessage.

Journal Report Decryption agent – Decrypts only IRM messages with journal reports.

 

Now let's see how to enable IRM in Exchange 2013.

Prerequisites to use IRM in Exchange 2013

1) We need to have ADRMS installed in our environment.

Note: We need to have IRMS installed separately on its own server. It should not be installed on a server where Exchange is installed.

Follow the steps below for the ADRMS installation.

Open Server Manager. Go to Roles and select ADRMS.

Click Next.

Select federation support as well if you wish to extend ADRMS to federated partners.

Click Create a new AD RMS cluster.

Choose a location to store the configuration database.

The default website is selected automatically.

We need to create a separate service account to manage ADRMS.

Specify the internal address to be used for ADRMS.

Choose the server authentication certificate.

Provide a server licensor certificate, which helps to identify the clients.

Navigate through the rest of the wizard, which is straightforward, and complete the installation of the ADRMS role.

 

 

 

Note: By default the Exchange 2013 IRM features support Microsoft Office file formats. We can extend IRM protection to other file formats by deploying a custom protector.

If you need to support additional file types, you will need to import a custom protector in ADRMS.

For custom protectors refer to http://msdn.microsoft.com/en-us/library/office/bb802693(v=office.14).aspx

2) Grant the Exchange servers access to use ADRMS for IRM. Perform the following task.

Open IIS – open Default Web Site – Click _wmcs – Select Certification

Switch to Content View, right-click servercertification.asmx, click Edit Permissions and ensure that the Exchange servers are listed, as shown below.

Note: This setting in IIS should be checked on the server where we have installed ADRMS. The _wmcs directory is visible only after we install ADRMS.

 

3) We need to create a dedicated security group for encryption and decryption of these messages by super admins.

Perform the following task:

Create a dedicated super users group in Active Directory Users and Computers.

Open ADRMS – in Security Policies select Super Users and ensure that the super user functionality is enabled. If not, add this user to the group.

4) Run the cmdlets below to enable IRM.

First check the IRM settings by running the command below:

Get-IRMConfiguration

To enable on CAS –   Set-IRMConfiguration -ClientAccessServerEnabled $true

To enable for OWA –   Set-OWAMailboxPolicy -Identity Default -IRMEnabled $true

For multi-mailbox IRM search –   Set-IRMConfiguration -SearchEnabled $true

For licensing internally –   Set-IRMConfiguration -InternalLicensingEnabled $true

For licensing external users –   Set-IRMConfiguration -ExternalLicensingEnabled $true

 

5) Create an associated transport rule for mailbox-side IRM.

Note: Before creating transport protection rules we need to have the RMS templates loaded from ADRMS to use in the rule. To identify the set of RMS templates from ADRMS, run the command below:

Get-RMSTemplate | format-list

Open EAC – Select Mail flow and select – Rules

Select Apply rights protection to messages

Use the Select RMS template dialog box to select a template.

Add an exception if we need one for a few senders.

Below is an example of adding an exception for Administrator. If an IRM message for the admin matches the template chosen in IRM, we can set an exception to forward the message to his manager for approval.

Click Save and we are done.

Below is an example using the Do Not Forward template in ADRMS. Outlook and OWA users composing such a message will receive this type of information, as shown below.

We can also use the Test-IRMConfiguration cmdlet to check the IRM functionality for a user.

Below is an example of testing the IRM configuration for emails sent by the user Adam:

Test-IRMConfiguration -Sender adams@contoso.com
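Steps 4 and 5 can be combined into one script that verifies the prerequisites before it creates the protection rule. This is an added example, not part of the original article: the rule name and the trigger word are hypothetical, while the template name and the test sender are the ones used above.

```powershell
# Added example (not from the original article): verify the IRM prerequisites, then
# create a transport protection rule. Run it in the Exchange Management Shell.
$templateName = 'Do Not Forward'              # template used in the article's example
$testSender   = 'adams@contoso.com'           # sender used in the article's example
$ruleName     = 'Protect confidential mail'   # hypothetical rule name
$keyword      = 'Confidential'                # hypothetical trigger word

# 1. Show the switches set in step 4 and stop if internal licensing is still off,
#    because the RMS templates are not available to Exchange without it.
$irm = Get-IRMConfiguration
$irm | Format-List InternalLicensingEnabled, ExternalLicensingEnabled,
                   ClientAccessServerEnabled, SearchEnabled
if (-not $irm.InternalLicensingEnabled) {
    throw 'InternalLicensingEnabled is False. Run Set-IRMConfiguration -InternalLicensingEnabled $true first.'
}

# 2. The template the rule refers to must be returned by Get-RMSTemplate.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) {
    throw "RMS template '$templateName' was not returned by Get-RMSTemplate."
}

# 3. End-to-end test for a real sender: review the output before going further.
Test-IRMConfiguration -Sender $testSender

# 4. Create the protection rule once, so the script can be re-run safely.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -SubjectOrBodyContainsWords $keyword `
        -ApplyRightsProtectionTemplate $templateName `
        -Comments "Applies the $templateName template to mail containing '$keyword'"
}

Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority, Description
```

Members of the super users group created in step 3 can decrypt every protected message, so keep that group small and review its membership regularly.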


Sathish Veerapandian

Customized system messages to users in different languages in Exchange 2013

In this article let's have a look at customizing system messages (mailbox limit warning, ProhibitSendMailbox, DSN) for users in different languages.

Let's take an example where users have mailboxes across different regions in multiple geographical locations. In this scenario users will have different default languages according to their region. For example, one user might have French as the default language and another might have English.

In these scenarios we can customize the system messages according to region, so that users get the system-generated emails in their regional language.

Let's take the scenario of customizing system messages for French users as well as English users who reside in different locations.

We need to deliver DSN and quota messages in English for SetA users and in French for SetB users. This way SetA users get the DSN in English and SetB users get the DSN in French.

In order to accomplish this task we need to create new customized quota messages by running the commands below.

First we need to set the language property of each user mailbox according to the user's region. To do this, run the commands below:

For French users – Set-Mailbox -Identity "user" -Languages "FR-CA"

For English users – Set-Mailbox -Identity "user" -Languages "EN-US"

1) Warning messages

For French users

New-SystemMessage -QuotaMessageType WarningMailbox -Language FR -Text "type French text here"

For English users

New-SystemMessage -QuotaMessageType WarningMailbox -Language EN -Text "Watch out! Your mailbox has reached its maximum capacity"

2) Prohibit send mailbox:

New-SystemMessage -QuotaMessageType ProhibitSendMailbox -Language EN -Text "type english text here"

New-SystemMessage -QuotaMessageType ProhibitSendMailbox -Language FR -Text "type French text here"

3) Prohibit send receive mailbox:

New-SystemMessage -QuotaMessageType ProhibitSendReceiveMailbox -Language FR -Text "type French text here"

New-SystemMessage -QuotaMessageType ProhibitSendReceiveMailbox -Language EN -Text "Watch out! Your mailbox has reached its maximum capacity"

4) For DSNs we can use the commands below:

New-SystemMessage -DsnCode 5.3.2 -Language EN -Internal $true -Text "Any English TEXTMessage"

New-SystemMessage -DsnCode 5.3.2 -Language FR -Internal $true -Text "Any French TEXTMessage"

Once we have made the above changes, users will receive system messages according to their MailboxRegionalConfiguration settings.

 

To view the system messages we can use the cmdlets below:

To view the language for a user – Get-MailboxRegionalConfiguration -Identity username

For warning – Get-SystemMessage -Identity EN\WarningMailbox

For prohibit send – Get-SystemMessage -Identity EN\ProhibitSendMailbox

For prohibit send receive – Get-SystemMessage -Identity EN\ProhibitSendReceiveMailbox

To modify system messages:

Set-SystemMessage -Identity EN\WarningMailbox -Text "Your mailbox is becoming too large."

Set-SystemMessage -Identity EN\ProhibitSendMailbox -Text "Your mailbox can not send nor receive any more …"

Set-SystemMessage -Identity EN\ProhibitSendReceiveMailbox -Text "Your mailbox can not send nor receive any more …"

To remove any customized system message you can use the command below:

Remove-SystemMessage -Identity EN\WarningMailbox


Sathish Veerapandian

Modifying System Generated Mailbox in Exchange 2013

In this article we will have a look at the system generated mailbox and the steps to modify it in Exchange 2013.

By default, system-generated email comes from the sender “Microsoft Outlook”. Sometimes we might need to change this display name, because some users use non-Microsoft clients (Mac, Linux, etc.) and cannot understand why system-generated emails are sent from a “Microsoft Outlook” sender. It can also confuse end users who have configured Outlook on multiple PCs into thinking that this is what causes trouble sending email to a few users.

In these kinds of scenarios we can specify an identifiable display name for the Microsoft Exchange Recipient, so that all client users in the domain can easily understand that the message is sent from the server and not from Outlook. There can also be scenarios where a user replies to an NDR he/she received, not being aware that these are system-generated emails. It is better to have a mailbox set up and monitored by admins, so that users can reply to these NDRs and the replies can be addressed.

 

Now let's first look at a few of the parameters involved.

Basically there are two types of system-generated messages that the Exchange server can send in an organization. It can send NDRs to internal users, such as mailbox quota limit warnings and non-delivery reports for internal senders. The MicrosoftExchangeRecipientPrimarySmtpAddress attribute is involved in sending NDRs to internal users. It can also send external NDRs to external recipients who are not part of an accepted domain in our organization. The ExternalPostmasterAddress attribute is involved in sending NDR notifications to users who are not part of our domain. Both these attributes are at the organizational level and can't be altered at the server level.

We can use the command below to check the value of MicrosoftExchangeRecipientPrimarySmtpAddress:

Get-OrganizationConfig | FL MicrosoftExchangeRecipientPrimarySmtpAddress

When we run this command it shows a default value in the form alphanumeric@domain.com, as shown below.

We can use the command below to check the value of ExternalPostmasterAddress:

Get-TransportService | FL Identity, ExternalPostMasterAddress

By default ExternalPostmasterAddress is not set to any value, which means the result of this command will usually be null, as shown below.

In my case it is just showing the list of Hub Transport servers, transport service (Exchange 2013) and Edge servers without any values, since I have not set any specific mailbox.

So what happens if there is no value set for ExternalPostmasterAddress?

The NDR for external users will be sent in the postmaster@domain.com format from our domain if we have only Mailbox and CAS servers. If we have Edge configured, the Edge server is used to send out these external NDRs and the value will be postmaster@edgeserverfqdn.

If you need to change this value, run the command below:

Set-TransportConfig -ExternalPostMasterAddress postmaster@contoso.com

Changing the value of MicrosoftExchangeRecipientPrimarySmtpAddress is a little bit tricky. We can change it to a different mailbox; however, if we later make any organizational changes by running the Set-OrganizationConfig command, the value reverts to the default, Microsoft Outlook.

First we need to change the following value by running the command below:

Set-OrganizationConfig -MicrosoftExchangeRecipientEmailAddressPolicyEnabled $False

Then we need to set an appropriate email address from which NDRs can be sent to internal users:

Set-OrganizationConfig -MicrosoftExchangeRecipientPrimarySmtpAddress localit@exchangequery.com

Note:

MicrosoftExchangeRecipientEmailAddressPolicyEnabled – If this parameter is set to $false, you must manually add new e-mail addresses to the Microsoft Exchange recipient when e-mail address policies are added or modified.

There is an alternative way to achieve this setting: we can change the display name alone through ADSI Edit.

To make this change in ADSI Edit, follow the instructions below:

  • Open ADSIEdit.msc
  • Configuration – Services – Microsoft Exchange
  • Open the properties of “CN=MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e” in the right-hand pane.
  • Locate the display name attribute and make sure that it shows “Microsoft Exchange”; if not, change it to the display name that users should see when they receive an NDR.
  • Close ADSIEdit.

If you need internal NDRs to be copied to a mailbox, and a user's reply to an NDR to be delivered to a monitored mailbox, set a value for the MicrosoftExchangeRecipientReplyRecipient attribute by running the command below:

Set-OrganizationConfig -MicrosoftExchangeRecipientReplyRecipient localit

After you run the above command you can see the value, as below, when you run:

Get-OrganizationConfig | FL

If we want external NDRs to be sent to the above email address, we can run the command below:

Set-TransportConfig -GenerateCopyOfDSNFor 5.1.0, 5.1.1

Above is an example of getting a copy of the DSN for only two NDR codes. We can add multiple NDR codes as well.

Troubleshooting Outlook Connectivity issues for all users in Exchange 2013

In this article I will list a few common steps that can be checked when troubleshooting Outlook connectivity issues in Exchange 2013 SP1 and later.

The first step is to identify whether the issue is happening for a few users, all users or just one user, and to troubleshoot accordingly. In this blog we will discuss troubleshooting Outlook connectivity issues for all users in an Exchange 2013 environment.

1) Ensure that all Microsoft Exchange services which are set to Automatic are up and running. In particular, the Microsoft Exchange RPC Client Access service, which is most involved in Outlook connectivity issues, must be started.

2) Check the application log for any throttling events on both the CAS server and the Mailbox server.

3) If it is a new Exchange 2013 setup, ensure that the host (A) records for Mail, Webmail and Autodiscover are created correctly in internal DNS.

4) Ensure that the new Exchange certificate is created and assigned to the IIS service. If you have SSL, make sure that the SSL certificate is assigned to the virtual directory.

5) Ensure that the Autodiscover internal URL, EWS internal URL and OAB internal URL are set correctly.

6) Check the authentication methods in IIS for the RPC virtual directory. If you have enabled the MapiHttpEnabled protocol, then check the MAPI virtual directory. It can be Basic, NTLM or Negotiate on both virtual directories, and Negotiate authentication is enabled by default in Exchange 2013.

You can use the command below to check the authentication method for the MAPI virtual directory if you have enabled the MapiHttpEnabled protocol:

Get-MapiVirtualDirectory | fl

Below is the output; check the IIS authentication method and internal authentication columns.

You can also check whether you have enabled MapiHttpEnabled by running the command below:

Get-OrganizationConfig | fl Mapi*

Analyzing this part is very important. If your organization is using the MapiHttpEnabled protocol, then we need to enable this option. There are also a few other settings that need to be configured for using this protocol. For enabling the MapiHttpEnabled protocol, refer to the Microsoft blog:

http://technet.microsoft.com/en-us/library/dn635177(v=exchg.150).aspx

This value should be set to false if you have not configured MapiHttpEnabled in your organization; otherwise end users will face trouble connecting through Outlook. Run the command below to disable the MapiHttpEnabled feature:

Set-OrganizationConfig -MapiHttpEnabled $False

7) It could also be a problem if the Outlook providers are not set correctly.

Below is an example of setting up Outlook providers.

First we need to run the command below to check the value of the Outlook providers:

Get-OutlookProvider

In our case, since the Outlook provider is not set, the values are null.

Run the commands below to set the Outlook provider name:

Set-OutlookProvider -Server exchange2013CAS EXCH -CertPrincipalName msstd:exchangequery.com
Set-OutlookProvider -Server exchange2013CAS EXPR -CertPrincipalName msstd:exchangequery.com

Note:

Make sure that the CertPrincipalName you enter matches the Autodiscover name that you have given in the SAN certificate and internal DNS.

Below will be the output if the Outlook providers are set.

Setting the Outlook providers is not required, as it changes the Autodiscover settings from server level to global level. However, problems might arise if the Outlook providers are not set correctly and the Autodiscover settings are not configured correctly. So it's always better to check the values of the Outlook providers when troubleshooting these kinds of scenarios, and there is no harm in setting these values.
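The settings reviewed in steps 1 and 4 to 7 can be collected in one read-only pass. This is an added example, not part of the original article: the function name Get-OutlookConnectivitySnapshot is hypothetical, and the script is meant to be run in the Exchange Management Shell on an Exchange 2013 SP1 or later server.

```powershell
# Added example (not from the original article): read-only snapshot of the settings
# reviewed in steps 1 and 4 to 7. Get-OutlookConnectivitySnapshot is a hypothetical name.
function Get-OutlookConnectivitySnapshot {
    $org       = Get-OrganizationConfig
    $mapiVdirs = @(Get-MapiVirtualDirectory)
    $certs     = @(Get-ExchangeCertificate)
    # Step 1: Exchange services on this server set to Automatic but not running
    $stopped   = @(Get-CimInstance Win32_Service -Filter `
        "Name LIKE 'MSExchange%' AND StartMode = 'Auto' AND State <> 'Running'")

    $snapshot = [ordered]@{
        StoppedAutoServices = $stopped | Select-Object Name, State
        RpcClientAccess     = Get-Service -Name MSExchangeRPC -ErrorAction SilentlyContinue |
                                  Select-Object Name, Status
        # Step 4: certificates and the services they are assigned to
        Certificates        = $certs | Select-Object Subject, Services, NotAfter, Status
        # Step 5: internal URLs
        AutodiscoverUri     = Get-ClientAccessServer |
                                  Select-Object Name, AutoDiscoverServiceInternalUri
        EwsUrl              = Get-WebServicesVirtualDirectory | Select-Object Identity, InternalUrl
        OabUrl              = Get-OabVirtualDirectory | Select-Object Identity, InternalUrl
        # Step 6: MAPI over HTTP switch and authentication methods
        MapiHttpEnabled     = $org.MapiHttpEnabled
        MapiVdirAuth        = $mapiVdirs | Select-Object Identity, InternalUrl,
                                  IISAuthenticationMethods, InternalAuthenticationMethods
        OutlookAnywhereAuth = Get-OutlookAnywhere | Select-Object Identity, InternalHostname,
                                  IISAuthenticationMethods, InternalClientAuthenticationMethod
        # Step 7: Outlook providers
        OutlookProviders    = Get-OutlookProvider | Select-Object Name, Server, CertPrincipalName
    }

    # Turn the most common findings into explicit warnings.
    $warnings = @()
    if ($stopped.Count -gt 0) {
        $warnings += "Automatic Exchange services not running: $($stopped.Name -join ', ')"
    }
    if ($org.MapiHttpEnabled -and @($mapiVdirs | Where-Object { -not $_.InternalUrl }).Count -gt 0) {
        $warnings += 'MapiHttpEnabled is True but a MAPI virtual directory has no InternalUrl.'
    }
    foreach ($cert in $certs | Where-Object { $_.NotAfter -lt (Get-Date) }) {
        $warnings += "Certificate expired: $($cert.Subject)"
    }
    $snapshot['Warnings'] = $warnings
    $snapshot
}

# Print each section of the snapshot under its own heading.
$snap = Get-OutlookConnectivitySnapshot
foreach ($entry in $snap.GetEnumerator()) {
    "== $($entry.Key) =="
    $entry.Value | Format-Table -AutoSize | Out-String
}
```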

Sathish Veerapandian

MVP – Office Servers & Services

Overview and Troubleshooting MailTips in Exchange 2010/ 2013

MailTips are informative messages displayed to end users while they compose and try to send messages to users in their organization.

When end users select a recipient for which MailTips are enabled, that information is displayed as a tip after the GAL resolves that user in the recipient tab.

In order to troubleshoot MailTips it is better to understand how MailTips work first, so that it is easier to identify a problem and provide a fix. Let's see the overview and functionality of MailTips first and then look into troubleshooting scenarios.

How MailTips work:

  1. Sender creates a new message and addresses the message to a recipient.
  2. During message composition the client submits a GetMailTips request to the Exchange Web Services on the CAS server. The request is submitted as a SOAP message over HTTPS.
  3. CAS/Exchange Web Services receives the GetMailTips SOAP request, uses the information in it to authenticate the request, and then queries:
  • Active Directory – for the requested objects (recipient, organizational). The Active Directory request is executed as an LDAP query.
  • Mailbox servers – to retrieve "out-of-office" messages, "mailbox-full" status, or any customized MailTip configured for the recipients.
  4. The Active Directory and mailbox servers return the results to Exchange Web Services.
  5. Exchange Web Services returns the result to the client.
  6. The client will be able to see the MailTip information for that configured user account.

 

EWS is the main component for MailTips.

MailTips are available in Outlook 2010 and later client versions, and in Outlook Web App as well.

Note: MailTips will not work when Outlook is in offline mode.

MailTips are triggered in the following scenarios:

  • When a user resolves a recipient in the GAL.
  • When a user uses the Reply to All option in a message.
  • When a user adds or removes any attachment in a message.

 

Now we will look at how to configure MailTips in Exchange 2013.

MailTips is an organizational feature, but it can also be enabled for each recipient individually. In order to enable a MailTip for an individual recipient, MailTips must first be enabled at the organizational level.

We can run Get-OrganizationConfig | fl MailTip* to see the MailTips configuration for the whole organization.


Basically we have 5 different types of MailTips at the organizational level. Apart from these we have Active Directory based MailTips which can be enabled as well. Now we will look into the different types of MailTips and their functionality.

MailTipsAllTipsEnabled

This enables or disables the MailTips feature entirely at the organizational level. If this option is disabled then MailTips will not work for any user.

MailTipsExternalRecipientsTipsEnabled

This option shows a MailTip to the sender when a message is addressed to a recipient outside the organization.

E.g.: Most organizations are concerned that internal confidential information should not be leaked outside for any reason. If this option is enabled and a user accidentally adds an external vendor or partner to a confidential email trail, he will get a MailTip showing the custom message against that particular recipient. This is very helpful to the sender in these kinds of scenarios.

Steps to enable MailTips for external recipients

Set-OrganizationConfig -MailTipsExternalRecipientsTipsEnabled $True

When you run the above command, a MailTip with a custom message will be displayed for all external recipients.

 

MailTipsLargeAudienceThreshold –

Informs the sender if he adds more recipients to a mail than the configured threshold.

The default value is 25. We can change the value by running the below command.

Set-OrganizationConfig -MailTipsLargeAudienceThreshold <Desired Integer Value>

 

MailTipsGroupMetricsEnabled –

Displays the MailTips for Distribution Lists and Dynamic Distribution Lists.

For example, enabling this will tell the sender that the DL being addressed contains more than 100 members.

It is enabled by default. If you want to disable this feature you can run the below command.

Set-OrganizationConfig -MailTipsGroupMetricsEnabled $false

 

MailTipsMailboxSourcedTipsEnabled

This option shows the mailbox-full and out-of-office MailTips to the sender when he addresses a message to a user whose mailbox is full or who is out of office. This option is enabled by default.

 

Other Active Directory Based MailTips

Custom MailTips – Custom MailTip can be set for individual users with custom message by administrator.

Moderated Recipient – alerts the sender that the recipient is moderated and that mail delivery may be delayed.

Restricted Recipient – advises that the message cannot be delivered to the recipient (when you are not in the list of users allowed to send e-mail to the recipient).

Message Size Limit – displays if the message the sender is composing is larger than configured message size limits in your organization.

Maximum Number of Recipients – displays if the sender adds more recipients than allowed. This value can be changed for each mailbox according to the configuration.

Below is an example of Custom MailTips.

In order to enable custom MailTips perform the following action.

Open EAC – Click recipients – select the mailbox for which we need to configure custom MailTips – and type the custom message and click save.

 


The below information is displayed to senders when they address a message to the user with the custom MailTip enabled.

 


Now let's have a small discussion on troubleshooting MailTips

 

First we need to ensure that OWA is able to access the EWS virtual directory without any issues. Also ensure that Outlook is able to fetch the Autodiscover information.

  • First identify whether the MailTip issue is happening for just one user or for multiple users. If it is with all users, pick one user and start troubleshooting.
  • Check whether MailTips are failing in both OWA and Outlook or in only one of them.
  • Ensure that Outlook is able to get the correct Autodiscover information.

 

Tools for troubleshooting MailTips

Exchange and Outlook provide tools for troubleshooting MailTip issues. Below is a listing of the tools that we can use to identify and resolve MailTip issues:

1. Outlook 2010/2013 Diagnostic Logging (MailTips.log)

2. Internet Information Server Logs

3. Diagnostic Logging (Event Viewer)

4. Performance Monitor Counters

 

Steps to enable Outlook logging

File – Options – Advanced – Enable troubleshooting logging

Restart Outlook, try to retrieve MailTips, and you will get a log like the one below.

You need to ensure that there is no error after GetServiceConfiguration for MailTips, which indicates a successful MailTips transaction.

Below is an example of a successful MailTips query from Outlook as it appears in the Outlook log.

<ex15m:ConfigurationName>MailTips</ex15m:ConfigurationName>
</ex15m:RequestedConfiguration>
</ex15m:GetServiceConfiguration>
</q:Body>

<GetMailTipsResponse ResponseClass="Success" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
<ResponseCode>NoError</ResponseCode>
<ResponseMessages>
<MailTipsResponseMessageType ResponseClass="Success">
<ResponseCode>NoError</ResponseCode>
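The success check described above can be scripted when there are many log entries to go through. This is an added example, not part of the original article: it parses a GetMailTipsResponse and reports each response message whose ResponseClass is not Success. The sample XML is constructed for illustration and Test-MailTipsResponse is a hypothetical helper name.

```powershell
# Added example. $sample is a constructed response (one good message, one
# failed message); Test-MailTipsResponse is a hypothetical helper name.
$sample = @'
<GetMailTipsResponse ResponseClass="Success"
    xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
  <ResponseCode>NoError</ResponseCode>
  <ResponseMessages>
    <MailTipsResponseMessageType ResponseClass="Success">
      <ResponseCode>NoError</ResponseCode>
    </MailTipsResponseMessageType>
    <MailTipsResponseMessageType ResponseClass="Error">
      <ResponseCode>ErrorMailTipsDisabled</ResponseCode>
    </MailTipsResponseMessageType>
  </ResponseMessages>
</GetMailTipsResponse>
'@

function Test-MailTipsResponse {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null      # never fetch external DTDs/entities for log content
    $doc.LoadXml($Xml)

    # The response elements live in the EWS "messages" namespace shown in the log.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('m', 'http://schemas.microsoft.com/exchange/services/2006/messages')

    $root = $doc.SelectSingleNode('//m:GetMailTipsResponse', $ns)
    if (-not $root) { throw 'No GetMailTipsResponse element found in the input.' }

    $index = 0
    foreach ($msg in $root.SelectNodes('m:ResponseMessages/m:MailTipsResponseMessageType', $ns)) {
        $index++
        $code = $msg.SelectSingleNode('m:ResponseCode', $ns)
        $codeText = '(missing)'
        if ($code) { $codeText = $code.InnerText }
        [pscustomobject]@{
            MessageIndex  = $index
            ResponseClass = $msg.GetAttribute('ResponseClass')
            ResponseCode  = $codeText
            Healthy       = ($msg.GetAttribute('ResponseClass') -eq 'Success')
        }
    }
}

# One row per recipient-level response; rows with Healthy = False need attention.
Test-MailTipsResponse -Xml $sample | Format-Table -AutoSize
```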

 

Similarly we can enable IIS logging on the CAS server and look for any errors after GetServiceConfiguration for MailTips so that we will be able to identify the issue.

Also we can add the following Perfmon counters for MailTips and see whether the results give any relevant information.


Looking into the application logs in the event viewer will also help us in identifying the root cause.

The above troubleshooting can help us in identifying the MailTips issue.

Sathish Veerapandian

Installing Exchange 2013 Edge Server CU5

The Edge server serves as a security filtering system for all the incoming and outgoing emails in our organization. It prevents spammers from exploring and hacking our network.

In real deployments Edge servers are placed in a DMZ.
So the setup will look like below:
Intranet (basically corporate LAN) – intranet firewall – DMZ – perimeter firewall – Internet

So we should place the Edge servers right between the intranet firewall and the perimeter firewall, which is the demilitarized zone.
In this DMZ there is no full access to the directory services, because the DMZ acts as the first filter for any kind of spam messages coming into the network.
We place the DMZ in a different subnet from the LAN subnet for security reasons, so as not to expose the LAN network to spammers. So we use the concept of DNS suffix so that we are able to communicate with the LAN network with the minimal required access to a few services.

With the help of ADLDS installed on Edge servers, directory services are able to provide the dedicated services required by the Edge server. Here the Edge Transport server uses ADLDS to store the recipient and configuration information alone.

With this information it is able to validate the authenticated valid users in its own domain, apply the required spam filtering agent settings for its recipients, know the connector configurations and route the mail flow accordingly.

Following are the prerequisites for installing the Edge server:

  • Remote Tools Administration Pack
  • ADLDS
  • Required Windows components – NET-Framework, ADLDS
  • Windows Management Framework 4.0

Follow the below TechNet article to install the Exchange 2013 Edge server prerequisites:
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx

 

1. Configure DNS suffix on Edge server.
Add the edge server name along with the domain name as the DNS suffix.

In my case I am adding it as edge2013.exchangequery.com

2. Configure firewall rules as follows:

Inbound traffic:
SMTP – TCP port 25 (from Internet)
SMTP – TCP port 25 (from Edge server to Hub server on internal network)
Outbound traffic:
SMTP – TCP/UDP port 25 (from Edge to Internet)
SMTP – TCP/UDP port 25 (from Hub to Edge server)
LDAP for Edge Sync – TCP port 50389 (from Mailbox to Edge server)
Secure LDAP for Edge Sync – TCP port 50636 (from Mailbox to Edge server)

Do not open the two Edge Sync LDAP ports on the perimeter firewall. These ports should be open only on the intranet firewall.

Note:

If you are installing Edge in a lab setup you can follow the below steps:
1) Bring up the Edge server and do not join it to a domain.
2) Add the DNS suffix with the domain name alone.
3) Have the Edge server on a different subnet. But have these 2 subnets on the same VLAN.
4) Add one IP range of the Edge server on the Mailbox server as an additional address in the advanced TCP/IP settings of the primary NIC. Similarly, on the Edge server, add one IP range of the Mailbox server as an additional address in the advanced TCP/IP settings of the primary NIC.
Only by doing this will you be able to ping between these 2 different subnets and have network connectivity.
In real-world scenarios we have to ensure connectivity between the perimeter network and the LAN network with all the required ports open; otherwise we will have trouble with Edge synchronization with the Mailbox servers.

 

3. Install the Exchange 2013 Edge server


Select the edge transport role

 


Wait for the readiness to be completed.


Reboot the computer once the setup completes successfully.
After the reboot ensure that the Edge server is installed. In Exchange 2013 the Edge server is not managed through a GUI; it is managed from the Exchange Management Shell on the Edge server itself. But after Edge synchronization is completed we will be able to manage the Edge server from EAC.

Run the following command to ensure that the Edge server is available.

Get-TransportService
Also you can run Get-TransportService | FL to check all other parameters as well.

 


4. Start the Edge subscription with the following command:

New-EdgeSubscription -FileName "C:\edgeserversubscription.xml"

 


5. Copy the xml file to the mailbox server local disk.

6. Complete subscription by running the below command:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0)) -Site "Default-First-Site-Name"

7. Run Start-EdgeSynchronization

Now we need to run the Start-EdgeSynchronization cmdlet to immediately start synchronization of configuration data from Active Directory to the subscribed Edge Transport server.
Start-EdgeSynchronization -Server exchangequery.com

Once the synchronization is over the edge setup is completed successfully.
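Steps 5 to 7 as one checked run from the Mailbox server, as an added example that is not part of the original article: it confirms the required ports are reachable, imports the subscription, deletes the subscription file (it contains the credentials the Edge server generated for EdgeSync) and verifies the result with Test-EdgeSynchronization. The Edge FQDN reuses the name from step 1 as an assumption; the file path and site name are the article's lab values.

```powershell
# Added example (not from the original article). Run in the Exchange
# Management Shell on the Mailbox server after copying the XML file over.
$subscriptionFile = 'C:\EdgeServerSubscription.xml'   # path used in step 6
$edgeFqdn         = 'edge2013.exchangequery.com'      # assumption: name from step 1

# 1. Confirm SMTP (25) and secure LDAP for Edge Sync (50636) are reachable
#    through the intranet firewall before touching the subscription.
foreach ($port in 25, 50636) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($edgeFqdn, $port, $null, $null)
        $done    = $pending.AsyncWaitHandle.WaitOne(3000)   # 3 second timeout
        if (-not $done -or -not $client.Connected) {
            throw "TCP $port on $edgeFqdn is not reachable from this server."
        }
    }
    finally { $client.Close() }
}

# 2. Import the subscription, then delete the file. It contains the
#    credentials the Edge server generated for EdgeSync, so do not leave
#    copies on either server or on the share used to move it.
$bytes = [System.IO.File]::ReadAllBytes($subscriptionFile)
New-EdgeSubscription -FileData $bytes -Site 'Default-First-Site-Name'
Remove-Item -Path $subscriptionFile -Force

# 3. Start synchronization and check the outcome instead of assuming it.
Start-EdgeSynchronization
$status = Test-EdgeSynchronization
$status | Format-List Name, SyncStatus, CredentialStatus, LastSynchronizedUtc, FailureDetail

# Compare as text so the check also works on deserialized remote objects.
$unhealthy = $status | Where-Object { "$($_.SyncStatus)" -ne 'Normal' }
if ($unhealthy) {
    Write-Warning "EdgeSync is not healthy for: $($unhealthy.Name -join ', ')"
}
```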
Cheers
Sathish Veerapandian
Technology Consultant  🙂

Upgrade to Exchange 2013 CU5 in Graphical User Interface

I just tried installing Exchange 2013 CU5; it is pretty easy and went cleanly without any errors/warnings in my lab setup.

The changes and fixes that have been done in CU5 can be found in my previous article

http://exchangequery.com/2014/05/28/microsoft-exchange-2013-cu5-released/

The setup can be downloaded from this location

http://www.microsoft.com/en-us/download/details.aspx?id=43103

As we are aware, regarding the upgrade order for Exchange 2013: if we are using separate servers for Mailbox and CAS, Microsoft recommends upgrading the Mailbox server first and then the CAS server.

After the download is complete just open the setup file and it opens the below screen. Choose the required option (it is always recommended to check for updates) and then click on next.

 


The setup starts copying files.


And then initializes the setup as below.

 


Finally it brings up the upgrade option; just click on upgrade.


Click on accept in the license agreement and proceed with the installation.


Now the setup goes through the prerequisites analysis


The setup starts once the prerequisites check is completed. It goes through 18 steps as below for organization preparation.


And then the installation continues in 9 steps and completes as below.

 

 

 

Just reboot the servers after the installation is complete.

We can now notice that the new service, Microsoft Exchange Shared Cache Service, is installed on the server.

 


For unattended installation/upgrade you can refer to the below TechNet article.

http://technet.microsoft.com/en-us/library/aa997281(v=exchg.150).aspx

Cheers

Sathish Veerapandian

Technology Evangelist