MSExchange.org Monthly Newsletter of August 2007 Sponsored by: Quest

Welcome to the MSExchange.org newsletter by Henrik Walther, Exchange MVP, MCTS/MCITP Exchange 2007, MCSE 2003 Messaging/Security. Each month we will bring you interesting and helpful information on Exchange Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: henrik@msexchange.org

1. Testing and Verifying Exchange 2007 Servers & Services

Welcome to the August 2007 edition of the MSExchange.org newsletter! By now most of you should be back from your holidays.

This month I wanted to take the opportunity to make you aware of the Exchange Server 2007 cmdlet's, that can help you test and verify the different servers and services in your Exchange 2007 messaging environment. Actually Exchange 2007 includes a lot of cmdlet's (including a couple of new ones introduced in SP1) that can be used for this purpose. I've included all of them below:

Test-SystemHealth
First we have the Test-SystemHealth cmdlet. This cmdlet is used to gather data about an Exchange 2007 system and then analyze the data according to best practices. You can consider this cmdlet a light version of the Exchange Best Practices Analyzer (ExBPA) tool.

Image 1

Test-ServiceHealth
The Test-ServiceHealth cmdlet is used to test whether all the required Exchange 2007 services that have been configured to start automatically in fact are started. If a required service for some reason is not started the Test-ServiceHealth cmdlet will return an error for the respective service. As you can see in the figure below each Exchange 2007 server role installed on the respective server is listed with all the services it depends on.

Image 2

Test-Mailflow
The Test-Mailflow cmdlet is used to test mail submissions, transport, and delivery. This cmdlet lets you test whether a Mailbox server can send itself a message, but can also be used to test mail flow across forests. This is done using the -TargetEmailAddress parameter. The Test-Mailflow uses the System Mailbox as the sender address, so if you use this cmdlet to test mail flow to foreign forests, the recipients might be a little confused when receiving a strange test message from the System Mailbox, so use this cmdlet wisely.

Image 3

Test-MAPIConnectivity
The Test-MAPIConnectivity cmdlet is used to verify MAPI connectivity to an Exchange 2007 Mailbox server. Outlook clients on the internal network use MAPI over RPC to connect to a Mailbox. LDAP connectivity to the AD is also verified as the cmdlet tests whether Directory Service Access (DSAccess) connectivity works as expected.

Image 4

Test-ExchangeSearch
The Test-ExchangeSearch cmdlet is used to test that the search functionality works as expected. This is done by verifying that the Search functionality is enabled and indexes e-mail messages properly.

Image 5

Test-ReplicationHealth (Exchange 2007 SP1 only)
Test-ReplicationHealth is used for proactive monitoring and testing continuous replication. This cmdlet tests all aspects of replication, cluster services, and storage group replication and reply status to provide a complete overview of the replication system.

Test-OWAConnectivity
The Test-OWAConnectivity cmdlet is used to test the connectivity to all Outlook Web Access virtual directories on an Exchange 2007 Client Access server. You can also use it to test connectivity to a single OWA URL.

Test-OutlookWebServices
The Test-OutlookWebServices cmdlet is used to verify AutoDiscover service settings on an Exchange 2007 Client Access server work as expected. Outlook 2007 depends on AutoDiscover to work properly, if not features such as automatic profile creation, Free/busy, Offline Address Book (OAB), and the Out of Office (OOF) doesn't work.

Test-ActiveSyncConnectivity
The Test-ActiveSyncConnectivity cmdlet is used to test the functionality of Exchange ActiveSync (EAS). This is done by performing a full synchronization between a virtual mobile device and a specified mailbox.

Test-UMConnectivity
The Test-UMConnectivity cmdlet is used to test the overall operation of a Unified Messaging (UM) server as well as any connected telephony equipment.

Test-WebServicesConnectivity
The Test-WebServicesConnectivity cmdlet is used to test the functionality of the Exchange 2007 Web Services. The CMDlet performs basic operations to verify the functionality of Outlook Anywhere (formerly known as Outlook RPC over HTTP).

Test-EdgeSynchronization (Exchange 2007 SP1 only)
The Test-EdgeSynchronization cmdlet is used to diagnose whether any Edge Transport servers subscribed to the Exchange 2007 organization have a current and accurate synchronization status.

Image 6

Test-IPBlockListProvider
The Test-IPBlockListProvider cmdlet is used to test the configuration for a specific IP Block List provider configuration on an Edge Transport or Hub Transport server.

Test-IPAllowListProvider
The Test-IPAllowListProvider cmdlet is used to test the configuration for a specific IP Allow List provider configuration on an Edge Transport or Hub Transport server.

Test-SenderId
The Test-SenderId cmdlet is used to test whether a given IP address is legitimate for a sending address for a given SMTP address.

Image 7

You should now be better prepared for the next time you are to test a specific Exchange 2007 server, client access service, mail flow, continuous replication etc.

That was all for this time.

Cheers,
Henrik Walther

Note:
Should you have any ideas for content in future editions of the MSExchange.org newsletter, you are more than welcome to shoot me an e-mail at Henrik@msexchange.org

2. Order Henrik Walther's Exchange Server 2007 book

3. MSExchange.org Learning Zone Articles of Interest

We have a great group of articles in the Learning Zone that will help you get a handle on your most difficult configuration issues. Here are just a few of the newer and more interesting articles:

• Deploying an Exchange Resource Forest (Part 2)
• Customizing Delivery Status Notification Messages
• Load Balancing Exchange 2007 Client Access Servers using Windows Network Load-Balancing Technology - Part 2: Configuring the Windows NLB Cluster
• Migrating from Domino to Exchange 2007 (Part 1)
• Deploying an Exchange Resource Forest (Part 1)
• Exchange 2007 SMTP Namespace Sharing and Different Relay Domain Types
• Load Balancing Exchange 2007 Client Access Servers using Windows Network Load-Balancing Technology - Part 1: Overview of Windows NLB Clusters
• Exchange 2007 Permissions and Roles (Part 2)
• Monitoring Exchange Server 2007 using MOM 2005 (Part 3)
• How the Exchange Server 2007 Core Services Work Together

4. KB Articles of the Month

Here are some interesting and useful MSExchange related articles posted by Microsoft in the last month:

• Error message when you try to use the spelling checker in Outlook Web Access: "Your Exchange server is busy and can't check spelling at this time. Try again later"
• You experience problems in an Exchange 2003 and Lotus Notes mixed environment after daylight saving time (DST) starts in New Zealand in 2007
• Event ID 31092 is logged when the Microsoft Exchange Server 2003 Connector for Lotus Notes delivers an Internet e-mail that contains recipients in only the Bcc box
• The Setup program stops responding, and event ID 1031 is logged when you try to install or to reinstall Exchange Server 2003 in Disaster Recovery mode
• You cannot use a 3DES-based Secure Sockets Layer (SSL) connection to connect to Exchange 2003
• Event ID 1036 is logged on an Exchange 2007 server that is running the CAS role when mobile devices connect to the Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server
• Appointments that are sent between different Exchange Server organizations may be incorrect by one hour when one of the organizations is in the Western Australia time zone
• Error message when you try to access public folders in Exchange 2003: "Error ID number: c1030af3" or "HTTP/1.1 503 service unavailable"
• Error message when you synchronize a Windows Mobile 5.0-based device with Exchange 2003: "Active Sync encountered a problem on the server. Support code: 0x86000108"
• The DAV:getcontenttype property is changed, and a .doc file loses some properties when you use Word 2007 to edit the .doc file on a shared drive M
• Exchange 2003 is unable to convert .ics files to Outlook meeting items for multiple-event iCal files
• The Microsoft Exchange Information Store service in Exchange 2003 exits unexpectedly when some users log on to Outlook Web Access
• The TechNet "Events and Errors Message Center" offers detailed explanations, recommendations, and additional resources that apply to event IDs
• The Microsoft Exchange Information Store service stops unexpectedly, and event ID 7011 is logged in Exchange Server 2003

5. Tip of the Month

I know many of your guys are currently in the process of transitioning your Exchange 2000/2003 messaging environments to Exchange Server 2007. I also bet that many of you have several dedicated resource mailboxes that need to be moved to the Exchange 2007 Mailbox server(s). Some of you probably already moved a few resource mailboxes and became aware that once it is moved it is treated like an ordinary Exchange 2007 user mailbox and not converted to an Exchange 2007 Room or Equipment mailbox. So the big question is: Can I convert an Exchange 2007 user mailbox to a Room or Equipment mailbox? Fortunately the answer is yes and it is actually a simple process. First you should execute one of the following commands depending on whether you want to convert it to a Room or Equipment mailbox:

Set-Mailbox -Identity "name of mailbox" -Type Room
Set-Mailbox -Identity "name of mailbox" -Type Equipment

Next we should enable auto accept processing for the mailbox(es). This is done with the following command:

Set-MailboxCalendarSettings -Identity "name of mailbox" -AutomateProcessing AutoAccept

There you have it! The moved resource mailboxes will now be exposed as Room and/or Equipment mailboxes in the Exchange Management Console and the Exchange Management Shell.

6. MSExchange Links of the Month

New Microsoft IT Showcase Site

http://technet.microsoft.com/en-us/library/bb687780.aspx

Update Rollup 4 for Exchange 2007 Released

http://www.microsoft.com/downloads/details.aspx?FamilyId=E56FC52A-216E-4225-BF2F-F082C20B7B21&displaylang=en

Exchange Your Career

http://www.exchangeyourcareer.com/

Release Notes for Exchange Server 2007 SP1 Beta 2

http://download.microsoft.com/download/5/e/6/5e672458-592a-44a2-b489-11cec19d3c82/RelNotes.htm

Easy ways to evaluate Exchange Server 2007 SP1 today

http://msexchangeteam.com/archive/2007/08/24/446811.aspx

Secure Messaging with S/MIME and OWA on Exchange Server 2007 SP1

http://msexchangeteam.com/archive/2007/08/20/446760.aspx

Exchange Server and Windows Server 2008

http://msexchangeteam.com/archive/2007/08/16/446709.aspx

New OWA themes for Exchange Server 2007 SP1

http://msexchangeteam.com/archive/2007/08/14/446663.aspx

Microsoft Forefront Security for Exchange Server with Service Pack 1 Beta 2

http://msexchangeteam.com/archive/2007/08/14/446659.aspx

Announcing Service Pack 1 Beta 2 for Exchange Server 2007

http://msexchangeteam.com/archive/2007/08/14/446656.aspx

Video: TechED 2007 talk; Brent Alinger on Exchange 2007 RTM and SP1 Setup

http://msexchangeteam.com/archive/2007/08/10/446635.aspx

Video: TechED 2007 talk; Charlie Chung on Exchange 2007 SP1 Transport

http://msexchangeteam.com/archive/2007/08/08/446622.aspx

Transports use of Temp Tables during message processing and bifurcation in Exchange Server 2000 and 2003

Top Three Exchange Server 2007 Deployment Scenarios: Essential Reading

Exchange 2007 Webcasts

Stopping Junk E-mail with Exchange Hosted Filtering

7. Ask Henrik Walther a question

QUESTION: Hi Henrik,

Your articles are fantastic! I am a big fan.

Although CAS is not supported in the DMZ, many of our clients refuse to place what they consider a web server in the secure zone. Additionally many clients do not want to use ISA as they already have firewalls in place (i.e. Cisco, etc).

Therefore we are stuck with the issue that we have CAS servers in a DMZ and a third-party firewall in between that DMZ and the mailbox servers. We cannot find any documentation in regards to what ports need to be opened for the CAS servers to communicate with the mailbox servers.

Are you aware of any articles existing on this subject?

Kind Regards,

Sherr

ANSWER: Hi Sherri,

Since the CAS is much more than just a front-end server for Exchange (used for many purposes on the internal network too), I would highly recommend against placing it in the DMZ. Placing it in the DMZ means you must open many other ports than 443/HTTPS, since it needs to communicate with AD, mailbox servers, UM, etc. Placing the server in the DMZ is a much higher risk than simply placing it on the internal network and opening one secure port (443/HTTPS).

I know it can be a pain to discuss this issue with the network guys, but I would do anything in my power to get an ISA server or another reverse proxy deployed in the DMZ and then pre-authenticate users and configure SSL bridging on the reverse proxy server in the DMZ.
Cheers, Henri