Chris’s Blog

In almost every environment I have ever seen there are usually some devices and/or systems that need to send email and typically these will require some SMTP server to relay these messages. More often than not these also do not have the ability to authenticate to the relaying host.

How do we deal with these in Exchange? I have seen some pretty silly solutions and the default answer seems to be “Just allow anonymous users on the default connector”. This is not true and is actually quite a dangerous thing to do, so my advice is DON’T. In fact, I would go so far as to say, don’t ever touch the default connector. The correct way is to create a new receive connector and allow relay from only the devices that are required to use this connector.

Allowing anonymous relay is serious and requires thought and planning. If could be exploited by spammers and IMHO should not be configured on internet-facing servers.

So lets say that we have three devices that need to relay anonymously, their IPs are 10.0.0.30, 10.0.0.31 and 10.0.0.32. First we need to create a new receive connector:

New-ReceiveConnector -Name “Anonymous Relay Connector” -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.0.0.20:25 -RemoteIpRanges 10.0.0.30-10.0.0.32 –Banner “220 Anonymous Relay Connector”

Next we need to to grant relay permission to anonymous connections on the new Receive connector:

Get-ReceiveConnector -Identity “Anonymous Relay Connector” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

What happens if you have multiple servers and would like to duplicate your receive connector settings. Say for example you have two Exchange servers and you have a receive connector on a server called EXHUB01 that allows 100 devices to relay. You would now like to create the same connector on EXHUB02. Instead of manually adding each address, you could do this:

New-ReceiveConnector “Anonymous Relay Connector” -Server EXHUB02 -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.0.0.21:25 -RemoteIPRanges ( Get-ReceiveConnector “EXHUB01\Anonymous Relay Connector” ).RemoteIPRanges -Banner “220 Anonymous Relay Connector”

Don’t forget to grant relay permission to anonymous connections on the new Receive connector:

Get-ReceiveConnector -Identity “EXHUB02\Anonymous Relay Connector” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

Just in case you missed it, Exchange 2010 SP2 was released earlier this month. The following features and functionality has changed since Service Pack 1 for Exchange 2010:

• Hybrid Configuration Wizard
• Address Book Policies
• Cross-Site Silent Redirection for Outlook Web App
• Mini Version of Outlook Web App
• Mailbox Replication Service
• Mailbox Auto-Mapping
• Multi-Valued Custom Attributes
• Litigation Hold

I wanted to call out a couple of these that I have been eagerly awaiting:

Hybrid Configuration Wizard
Exchange 2010 SP2 introduces the Hybrid Configuration Wizard which provides you with a streamlined process to configure a hybrid deployment between on-premises and Office 365 Exchange organizations. Hybrid deployments provide the seamless look and feel of a single Exchange organization and offer administrators the ability to extend the feature-rich experience and administrative control of an on-premises organization to the cloud.

Cross-Site Silent Redirection for Outlook Web App
In Exchange 2010 SP1, there was three types of redirection for OWA in Exchange 2010 on-premises:

• Manual Redirection
• Temporary Manual Redirection
• Legacy Silent Redirection (for Exchange 2003/2007)

With Exchange 2010 SP2, you can enable a silent redirection when a Client Access server receives a client request that is better serviced by a Client Access server located in another Active Directory site. This silent redirection can also provide a single sign-on experience when forms-based authentication is enabled on each Client Access server.

For more information about what’s new in Exchange 2010 SP2, click here

To download Exchange 2010 SP2, click here

I recently came across this error while using Jetstress to test and validate the performance of their Exchange storage. I was running the tool on Windows Server 2008 R2 and I don’t recall ever seeing this before. After finding what is actually an easy fix, I thought I would  write up this post just in case this has anyone else baffled. The entire error was:

Ensure that you’re running the application as a member of built-in Administrators security group.

The MSExchange Database or MSExchange Database ==> Instrances performance counter category isn’t registered.

The admin account I was using is a member of the domain admins security group so I assumed I had the correct permissions but went away and checked just to be sure. I also checked to make sure that the domain admins group was a member of the local built-in Administrators security group, which it was. After spending a few minutes thinking about it, I thought I would try running Jetstress “as an administrator” (right-click the shortcut and select “Run as administrator”

That solved the problem.

I have since checked the Jetstress installation in my Exchange 2010 Lab which also runs on Windows Server 2008 R2 and this step is not required there, it works fine by just clicking the Jetstress shortcut (no right-click required). Not really worth spending time investigating the cause as it may just be a once-off occurrence, but at least it is now documented.

Toby and I talking about our “Microsoft Office 365: From Simple Migration to a Hybrid Environment” session at At Tech-Ed Australia 2011.

If you missed it, the recorded session and slides are available for download here: http://cgoo.se/ndiUkE

I recently saw this at Tech-Ed Australia and finally managed to track it down so I could share it. I think it’s such a great video and just excites me about the "future of productivity".

After an interesting and somewhat different keynote, Tech-Ed 2011 has officially kicked off. While everyone is enjoying a few cold ones, I thought I would take the time to tell you about some of the sessions I am excited about attending this year.

There are many great speakers at Tech-Ed this year, these are just some of the sessions I plan to attend.

• EXL310: "Upgrading to Exchange 2010: Notes from Field" with Colin Lee and Sofiane Behraoui
• EXL309: "Microsoft Lync 2010: How to go big with voice" with Brendan Carius and Selvan Loganathan
• OFS-OFC309: "From Zero to Productivity with Office 365" with Ben Walters, Chris Oconnor and Lee Hickin
• EXL303: "Exchange Server 2010: High Availability Concepts" with Scott Schnoll
• EXL304: "Load Balancing with Microsoft Exchange Server 2010" with Andrew Ehrensing

Then of course there is my session with Toby Knight, EXL-OFC311: “Microsoft Office 365: From Simple Migration to a Hybrid Environment” we will be in Arena 1B at 5 PM tomorrow… we’ve got some great schwag so make sure you stop by!

I’ve seen this error around a few times over the last while but have never really paid too much attention to it:

It seems it only occurs in the management console if you have IE9 installed on your Exchange 2010 SP1 server. Previously the recommendation was to uninstall IE9 or just live with it. I recently installed Update Rollup 5 for Exchange 2010 SP1 in my lab environment and it seems to have fixed this error.

Obviously I would recommend thorough testing before deploying any updates in production, but I thought it would be worth mentioning that it does seem to fix this error as well.

I’ve been having a problem with remote mailbox moves to Office 365. The move completes successfully and everything works ok, but it always generates the following error:

“Could not load type ‘Microsoft.Exchange.MailboxReplicationService.RequestPriority’…”

I’ve seen this mentioned a few times on the Office 365 community forums and some of my colleagues are also seeing this. The good news is that after installing Update Rollup 5 for Exchange 2010 SP1 this error no longer appears.

Earlier today the Exchange team announced the release of Update Rollup 5 for Exchange Server 2010 Service Pack 1. Update Rollup 5 for Exchange Server 2010 SP1 resolves the issues that are described in the following Microsoft Knowledge Base articles:

• 2275156 – The inline contents disposition is removed when you send a "Content-Disposition: inline" email message by using EWS in an Exchange Server 2010 environment
• 2499044 – You cannot save attachments in an email message by using OWA if the subject line contains special characters in an Exchange Server 2010 environment
• 2509306 – Journal reports are expired or lost when the Microsoft Exchange Transport service is restarted in an Exchange Server 2010 environment
• 2514766 – A RBAC role assignee can unexpectedly run the Add-ADPermission command on an Exchange Server 2010 server that is outside the role assignment scope
• 2529715 – Slow network or replication issues after you change the number of virus scanning API threads in Microsoft Exchange Server 2010
• 2536704 – Mailbox users who are migrated by using ILM 2007 cannot use the Options menu in OWA in an Exchange Server 2010 environment
• 2537094 – French translation errors occur when you edit a response to a meeting request by using OWA in an Exchange Server 2010 SP1 environment
• 2554604 – A RBAC role assignee can unexpectedly manage certificates that are outside the role assignment scope in an Exchange Server 2010 environment
• 2555800 – You cannot use the GetItem operation in EWS to retrieve properties of an email message in an Exchange Server 2010 environment
• 2555850 – You cannot delete a mailbox folder that starts with a special character in its name by using Outlook in an Exchange Server 2010 environment
• 2556096 – The columns in the .csv logging file are not lined up correctly when you perform a discovery search on a mailbox in an Exchange Server 2010 environment
• 2556107 – The columns in the .csv logging file are not lined up correctly when you perform a discovery search on a mailbox in an Exchange Server 2010 environment
• 2556133 – A device that uses Exchange ActiveSync cannot access mailboxes in an Exchange Server 2010 environment
• 2556156 – Extra.exe crashes when it performs RPC activity checks against an Exchange Server 2010 server
• 2556352 – "ChangeKey is required for this operation" error message in Outlook for Mac 2011 in an Exchange Server 2010 environment
• 2556407 – Certain client-only message rules do not take effect on email messages that are saved as drafts in an Exchange Server 2010 environment
• 2559926 – "There are no items to show in this view." error message when you try to view a folder by using Outlook in an Exchange Server 2010 environment
• 2572958 – The "Test-OutlookConnectivity -Protocol HTTP" command fails with an HTTP 401 error in an Exchange Server 2010 environment

For more information, click here

To Download, click here

Have you ever had to figure out what version of Exchange a build number is referring to or vice versa? There is a very handy TechNet article that lists every build number and release date since Exchange 4.0.837 (Exchange Server 4.0 Standard Edition, June 11 1996)

Bhargav Shukla also has a great script that can be used to find Exchange 2007 and Exchange 2010 build numbers in your environment.