Posts Tagged Exchange 2010

Exchange Autodiscover and Multiple Domains

Posted by on Tuesday, 18 May, 2010

The Autodiscover service makes it easier to configure Outlook 2007 or Outlook 2010 and some mobile phones. You can’t use the Autodiscover service with earlier versions of Outlook, including Outlook 2003. In earlier versions of Microsoft Exchange (Exchange 2003 SP2 or earlier) and Outlook (Outlook 2003 or earlier), you had to configure all user profiles manually to access Exchange.

The Autodiscover service does the following:

  • Automatically configures user profile settings for clients running Microsoft Office Outlook 2007 or Outlook 2010, as well as supported mobile phones. Phones running Windows Mobile 6.1 or a later version are supported. If your phone isn’t a Windows Mobile phone, check your mobile phone documentation to see if it’s supported.
  • Provides access to Exchange features for Outlook 2007 or Outlook 2010 clients that are connected to your Exchange messaging environment (Offline Address Book, Out of Office, etc.).
  • Uses a user’s e-mail address and password to provide profile settings to Outlook 2007 or Outlook 2010 clients and supported mobile phones. If the Outlook client is joined to a domain, the user’s domain account is used.

How does Outlook/Entourage check for autodiscover functionality?

  1. Autodiscover check https://<smtpdomain>/Autodiscover/Autodiscover.xml.
  2. Autodiscover check https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  3. Autodiscover check http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  4. Autodiscover check for SRV lookup for _autodiscover._tcp.<smtpdomain>.

When you have multiple domains configured for your users, you must redirect your Autodiscover functionality to your primary SMTP domain. You can use one of these methods:

| Method | Pros | Cons |
|---|---|---|
| 1) 1 single-name SSL certificate with DNS SRV lookup | Simple configuration. Requires only 1 website and 1 public IP. Only requires 1 single-name SSL certificate. | Not all DNS hosting providers support DNS SRV records. An additional dialog is displayed to Outlook users asking if they trust the redirected URL; they can choose not to display it again. Requires Outlook 2007 client-side hotfix. |
| 2) 1 SSL certificate that is valid for multiple DNS names (Subject Alternative Names) | Simple configuration. Requires only one certificate. Requires only 1 website and 1 public IP. | Additional DNS names can make the SSL certificate more expensive. |
| 3) 2 single-name SSL certificates (one specifically for Autodiscover) | 2 single-name certificates may be less costly than a certificate with multiple names. | Complex configuration. Requires 2 websites and 2 public IPs. Difficult to load balance 2 sites. |
| 4) 1 single-name SSL certificate with a second HTTP redirection website | Only requires 1 single-name SSL certificate. | Complex configuration. Requires 2 websites and 2 public IPs. Difficult to load balance 2 sites. An additional dialog is displayed to Outlook users asking if they trust the redirected URL; they can choose not to display it again. |

I will explain how you can use an SRV record.

1. DNS SRV Record (Service record)

When you use an SRV record, your Office 2007 clients must have update 939184 installed (http://support.microsoft.com/kb/939184/, Description of the update rollup for Outlook 2007: June 27, 2007). It’s included in Service Pack 1.

In your SRV record you can redirect your Autodiscover SRV record from your subdomain to your primary domain. To do this you don’t need difficult certificate constructions. Only one certificate, for your primary domain, is needed.

How to configure an SRV record to redirect:

If you are using Windows DNS, the steps to create an SRV Record are as follows:

  1. Open the DNS Management MMC snap-in.
  2. Expand Forward Lookup Zones.
  3. Locate and right-click the external DNS zone, and then click Other New Records.
  4. Click Service Location (SRV).
  5. Enter the parameters by using the required values.
  6. Click OK.

SRV record

  1. Service: _autodiscover
  2. Protocol: _tcp
  3. Port Number: 443
  4. Host: autodiscover.<primary smtp domain>.

Example

Redirect smtp domain contoso.nl to contoso.com

Make a new SRV record, _autodiscover._tcp.contoso.nl., with these settings:

_autodiscover._tcp.contoso.nl. 0  0 443 autodiscover.contoso.com.

Remember that the host name must end with a trailing dot (.).

Check your settings with nslookup:

nslookup
> set type=all
> _autodiscover._tcp.contoso.nl

_autodiscover._tcp.contoso.nl SRV service location:
    priority       = 0
    weight         = 0
    port           = 443
    svr hostname   = autodiscover.contoso.com
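
A way to check an SRV record before publishing it, as an added example that is not part of the original post: the function names are hypothetical, and the second and third sample records are constructed. It lists the lookup order described above for one SMTP domain and verifies that the record redirects only to the autodiscover host in the primary domain, the one the certificate is issued for.

```powershell
# Added example, not from the original post; function names are hypothetical.
function Get-AutodiscoverLookupOrder {
    param([Parameter(Mandatory)][string]$SmtpDomain)
    # The four checks from the list above, in the order given there.
    "https://$SmtpDomain/Autodiscover/Autodiscover.xml"
    "https://autodiscover.$SmtpDomain/Autodiscover/Autodiscover.xml"
    "http://autodiscover.$SmtpDomain/Autodiscover/Autodiscover.xml"
    "SRV _autodiscover._tcp.$SmtpDomain"
}

function Test-AutodiscoverSrvRecord {
    param(
        [Parameter(Mandatory)][string]$Record,         # owner priority weight port target
        [Parameter(Mandatory)][string]$SmtpDomain,     # domain being redirected
        [Parameter(Mandatory)][string]$PrimaryDomain   # domain the certificate is issued for
    )
    $problems = @()
    $fields = @($Record.Trim() -split '\s+')
    if ($fields.Count -ne 5) {
        $problems += 'expected 5 fields: owner priority weight port target'
    } else {
        $owner, $priority, $weight, $port, $target = $fields
        if ($owner -ne "_autodiscover._tcp.$SmtpDomain.") { $problems += "owner is not _autodiscover._tcp.$SmtpDomain." }
        if ("$priority $weight" -notmatch '^\d+ \d+$')    { $problems += 'priority and weight must be numbers' }
        if ($port -ne '443')                              { $problems += 'port is not 443' }
        if (-not $target.EndsWith('.'))                   { $problems += 'target does not end with a dot' }
        # Only the primary domain has a certificate, so the target must be the
        # autodiscover host in that domain and not a host in some other zone.
        if ($target.TrimEnd('.') -ne "autodiscover.$PrimaryDomain") {
            $problems += "target is not autodiscover.$PrimaryDomain"
        }
    }
    [pscustomobject]@{ Record = $Record; Valid = ($problems.Count -eq 0); Problems = $problems }
}

Get-AutodiscoverLookupOrder -SmtpDomain 'contoso.nl'

# The first record is the one from the post; the other two are constructed.
$records = @(
    '_autodiscover._tcp.contoso.nl. 0  0 443 autodiscover.contoso.com.',
    '_autodiscover._tcp.contoso.nl. 0 0 443 autodiscover.contoso.com',
    '_autodiscover._tcp.contoso.nl. 0 0 80 mail.contoso.example.'
)
$records | ForEach-Object {
    Test-AutodiscoverSrvRecord -Record $_ -SmtpDomain 'contoso.nl' -PrimaryDomain 'contoso.com'
}
```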

The certificate wizard in Exchange 2010 does not always create a usable request.

Posted by on Monday, 17 May, 2010

The Exchange 2010 wizard

Exchange 2010 has a wonderful graphical wizard for creating certificate requests. If you want a public certificate installed on your server, you must create a Certificate Signing Request (CSR). This request contains all the information for your certificate: the common name (the real URL) of your website, the company name, etc. You can use the New Exchange Certificate Wizard to create a request as follows.

Select the features you want in your certificate. You can also add some alternative URLs, internal and external.

Add your certificate domains. This is your common name.

Add your organisation information and create your request. You can also use PowerShell to create a CSR.

New-ExchangeCertificate -FriendlyName 'Test' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=NL,S="Noord-Brabant",L="Eindhoven",O="more2know",OU="ICT",CN=webmail.more2know.nl' -DomainName 'autodiscover.more2know.nl','webmail.more2know.nl'

ISSUE Request CSR

The Exchange 2010 certificate wizard generates a CSR. Some Certificate Authorities don’t accept the CSRs that are generated by the Exchange 2010 certificate wizard. The problem is the additional enter (whitespace at the end of the CSR) after -----END NEW CERTIFICATE REQUEST-----. Your CSR must begin with -----BEGIN NEW CERTIFICATE REQUEST----- and end with -----END NEW CERTIFICATE REQUEST----- without any spaces. So just delete the whitespace and your CSR will be accepted.

Preview:

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

ISSUE There must be 1 Common Name

The Exchange 2010 wizard generates a CSR. If the FQDN in the CSR is set both as the “CN” and in “DomainNames”, your request will not be accepted by your certificate authority. Delete the FQDN from “DomainNames”.

You can use this PowerShell command to generate a good CSR.

New-ExchangeCertificate -FriendlyName 'Test' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=NL,S="Noord-Brabant",L="Eindhoven",O="more2know",OU="ICT",CN=webmail.more2know.nl' -DomainName 'autodiscover.more2know.nl'
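
A local pre-check for the two issues described above, as an added example that is not part of the original post: the function names are hypothetical and the request body `MAA=` is a constructed stand-in, not a real CSR. The first function strips the trailing whitespace and confirms the markers and base64 body; the second reports whether the subject has exactly one CN and whether that CN is repeated in `-DomainName`.

```powershell
# Added example, not from the original post; function names are hypothetical.
function Repair-CsrText {
    param([Parameter(Mandatory)][string]$Text)
    $begin = '-----BEGIN NEW CERTIFICATE REQUEST-----'
    $end   = '-----END NEW CERTIFICATE REQUEST-----'
    # Trim every line and drop empty ones; this removes the extra enter
    # and any trailing spaces after the END marker.
    $lines = @($Text -split '\r?\n' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($lines.Count -lt 3 -or $lines[0] -cne $begin -or $lines[-1] -cne $end) {
        throw 'Text must start with the BEGIN marker and end with the END marker.'
    }
    # The body must be valid base64 and decode to DER, which starts with 0x30.
    $der = [Convert]::FromBase64String(($lines[1..($lines.Count - 2)] -join ''))
    if ($der[0] -ne 0x30) { throw 'Body does not decode to a DER SEQUENCE.' }
    $lines -join "`r`n"   # returned text ends exactly at the END marker
}

function Test-CsrNames {
    param(
        [Parameter(Mandatory)][string]$SubjectName,
        [Parameter(Mandatory)][string[]]$DomainName
    )
    # Collect every CN= component of the subject; there must be exactly one.
    $cns = @([regex]::Matches($SubjectName, '(?:^|,)\s*CN=([^,]+)', 'IgnoreCase') |
             ForEach-Object { $_.Groups[1].Value.Trim('"', ' ') })
    [pscustomobject]@{
        CommonName           = $cns -join ', '
        SingleCommonName     = ($cns.Count -eq 1)
        RepeatedInDomainName = @($DomainName | Where-Object { $cns -contains $_ })
    }
}

# Constructed input: stand-in body 'MAA=' (an empty DER SEQUENCE), followed by
# the kind of trailing whitespace described above.
$raw = "-----BEGIN NEW CERTIFICATE REQUEST-----`r`nMAA=`r`n-----END NEW CERTIFICATE REQUEST-----`r`n  `r`n"
$clean = Repair-CsrText -Text $raw
'{0} -> {1} characters' -f $raw.Length, $clean.Length

# Subject and domain names as used in the two commands above.
$subject = 'C=NL,S="Noord-Brabant",L="Eindhoven",O="more2know",OU="ICT",CN=webmail.more2know.nl'
Test-CsrNames -SubjectName $subject -DomainName 'autodiscover.more2know.nl', 'webmail.more2know.nl'
Test-CsrNames -SubjectName $subject -DomainName 'autodiscover.more2know.nl'
```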

Sites where you can test your CSR:

http://www.thawte.nl/en/support/test+your+csr/

http://secure.comodo.net/utilities/decodeCSR.html

Additional CSR information:

Domain Name:     CN = webmail.more2know.nl
Department:      OU = IT
Organisation:    O = more2know
City:            L = Eindhoven
State/Province:  S = Noord-Brabant
Country:         C = NL

Microsoft Exchange Server Deployment Assistant!

Posted by on Friday, 7 May, 2010

Microsoft Exchange Server Deployment Assistant

Microsoft will help you to deploy Exchange Server 2010. How can Microsoft help you? The Microsoft Exchange Team has designed a web-based Exchange deployment assistant. It’s a template for deploying or upgrading to Exchange 2010. The tool asks you a few questions about your current environment and then generates a customized checklist and instructions you can use to upgrade to Exchange 2010. Download and migrate to Exchange 2010.

You can choose from 4 deployment scenarios:

1: Upgrade from Exchange 2003
2: Upgrade from Exchange 2007
3: Upgrade from Exchange 2003 & 2007
4: New installation of Exchange 2010

Link to Microsoft Exchange Server Deployment Assistant 

Select your deployment scenario!

The questions!

Enjoy.

A first look at what’s coming later this year in Exchange Server 2010 Service Pack 1

Posted by on Friday, 9 April, 2010

While we appreciate all the positive feedback we’ve received on Exchange Server 2010, we know you all are eager to find out what’s been going on in Redmond since November. Today, we are happy to give you a first look at what’s coming later this year in Exchange Server 2010 Service Pack 1 (SP1).

SP1 will include fixes and tweaks in areas you’ve helped us identify, including a roll-up of the roll-ups we’ve released to date. I also wanted to flag some of the feature enhancements we’re excited to bring to you with SP1 including: archiving and discovery enhancements, Outlook Web App (OWA) improvements, mobile user and management improvements, and some highly sought after additional UI for management tasks. This is not an all-inclusive list, so stay tuned for the detailed list coming soon!

In addition to sharing these details with you, I’m pleased to let you know that we’ll be offering a beta of SP1 for download in parallel with TechEd North America this June. This will give you a chance to test drive SP1 and prepare for its official release.

Archiving and Discovery Enhancements

With the release of Exchange Server 2010 last November, we introduced integrated archiving capabilities aimed at helping you preserve and discover e-mail data. In SP1, we’ve enhanced this archiving functionality based on the great feedback you’ve given us since our launch. This includes adding the flexibility to provision a user’s Personal Archive to a different mailbox database from their primary mailbox. This means your organization can now more easily implement separate storage strategies (or tiered storage) for less frequently accessed e-mail. And, we didn’t just stop there! We’ve also added new server side capabilities so you can import historical e-mail data from .PST files, directly into Exchange, as well as IT pro controls to enable delegate access to a user’s Personal Archive.

To help streamline the implementation of retention policies, SP1 updates the Exchange Management Console with new tools to create Retention Policy Tags, so you can automate the deletion and archiving of e-mail and other Exchange items. New optional Retention Policy Tags give you even more flexibility in defining your organization’s retention management strategy.

Lastly, we’ve made several improvements to the Multi-Mailbox Search features, which can be used to conduct e-Discovery of e-mail for legal, regulatory or other reasons. A new search preview helps with, for example, early case assessment by providing you an estimate on the number of items in the result set (with keyword statistics) before e-mail located in the search are copied to the designated discovery mailbox. And, you now have a new search result de-duplication option, that when checked, only copies one instance of a message to the discovery mailbox. This can help you reduce the amount of e-mail you need to review following the search. Finally, added support for annotation of reviewed items means you can make your e-Discovery workflow even more efficient and less time consuming or costly.

For those of you that have been holding your breath for this one, we’re also happy to let you know that in SP1 timeframe, there will be an update which will enable us to support access to a user’s Personal Archive with Outlook 2007.

Watch the embedded video to hear from the Exchange team’s Ann Vu and Ian Hameroff talk about the investments we’ve made around archiving in Exchange 2010.

Outlook Web App – Better Than Ever

We didn’t stop working with archiving and discovery, OWA gets a significant facelift with SP1 as well. With new work to pre-fetch message content, the OWA reading experience becomes faster. With delete, mark as read, and categorize operations running asynchronously, these actions feel instantaneous to the user. We’ve also made sure that certain long running operations, such as attaching a very large file, will not block the rest of the OWA experience, protecting the user from irritating web UI hang-ups. You’ll see a number of other UI improvements as well to de-clutter a bit; helping make it easier to find common tasks with updated action icons and menus. The simpler UI will make OWA much friendlier to the smaller screens of ever popular Netbooks. Users will also be able to share their calendars to anonymous viewers via the web, assuming you enable this functionality as the admin.

In RTM, we delivered Information Rights Management (IRM) capabilities in OWA, allowing you to read and compose IRM-protected messages just like you’ve been able to do with Outlook in the past. In SP1, you’ll be able to add Web-Ready Document Viewing of IRM-protected documents as well and you’ll be able to do so in Safari on a Mac as well as in Firefox or IE on a PC.

Finally, for those of you who have been dying to change the look and feel of OWA, we’re bringing OWA themes back; adding several OWA themes so you can match the OWA experience to your particular style. Oh yeah, and yes, the reading pane can be placed on the bottom or the right side.

All The Mobility, All the Time

While Exchange Active Sync (EAS) has become the de facto standard for mobile communication, there is no resting on any laurels in Redmond here either. In SP1, mobile users will be treated with tether-free IRM support in EAS, enabling you to send and receive IRM-protected mail without having previously connected your device to Windows Mobile Device Center to provision IRM. Updated EAS capabilities also enable support for send-as, support for notifying the user if their device has been placed on block or quarantine by their admin, full implementation of conversation view including the ability to sync only unique parts of messages. Also, for those users who need help setting up their mobile device to access mail via POP/IMAP/SMTP, we’ve added information in OWA to provide them the server names for these services.

New Management UI

We know you all love PowerShell, as do we, but SP1 will bring several new management UI enhancements to enable a number of management tasks in the Exchange Management Console (EMC) and Exchange Control Panel (ECP). Here’s a taste:

  • Create/configure Retention Tags + Retention Policies in EMC
  • Configure Transport Rules in ECP
  • Configure Journal Rules in ECP
  • Configure MailTips in ECP
  • Provision and configure the Personal Archive in ECP
  • Configure Litigation Hold in ECP & EMC
  • Configure Allow/Block/Quarantine mobile device policies in ECP
  • RBAC role management in ECP
  • Configure Database Availability Group (DAG) IP Addresses and Alternate Witness Server in EMC
  • Recursive public folder settings management (including permissions) in EMC

Many of the improvements we are delivering in SP1 are in direct response to the feedback you’ve provided since RTM. I am excited about how, in a very short period of time, we’ve been able to quickly respond and introduce these improvements and innovation to Exchange 2010. A full list of what’s coming in SP1 will be on TechNet soon.

http://msexchangeteam.com/archive/2010/04/07/454533.aspx