Speaking Exchange 2013 at SEF

By admin on September 6th, 2012

I’m proud to say that will be speaking at Sharepoint Exchange Forum for the fifth time. My session this year will be about Exchange 2013 and I will show you the coolest new features and of course tell you all you need to know about why you should go for the latest version.

Sharepoint Exchange Forum is an annual event that’s being arranged for the 9th time and it’s as the name suggest focused on Sharepoint and Exchange but you will also hear experts on Lync and Office 365.



Released: Update Rollup 4 for Exchange Server 2010 Service Pack 2

By admin on August 14th, 2012

Update Rollup 4 for Exchange Server 2010 Service Pack 2 has been released and I already downloaded and installed it on a multi role server without issues. The only issue right now is that KB2706690 that describes all changes seems to be unavailable at the moment, but I guess that will be fixed soon.

Download Update Rollup 4 for Exchange Server 2010 Service Pack 2 here



Microsoft Security Advisory (2737111) and Exchange Outlook Web App Mailbox Policies

By admin on July 29th, 2012

Last week Microsoft published Microsoft Security Advisory (2737111), in short it says that in Outlook Web Access in Exchange 2007 and Exchange 2010 it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file.

The workaround for this issue if to disable Web Ready Document Viewing on the Outlook Web App virtual directory. But if you have applied a Outlook Web App Mailbox Policy and assigned that to users the workaround described won’t be enough. As you can read in Understanding Outlook Web App Mailbox Policies it clearly states that:

“When an Outlook Web App mailbox policy is applied to a mailbox, it will override the settings of the virtual directory.”

Effectively this means that if you disable Web Ready Document Viewing on the Outlook Web App virtual directory your users who has an Outlook Web App Mailbox Policy assigned might still be affected by this issue. The default value for Web Ready Document Viewing is set to enabled so if you haven’t specifically turned it off users are affected. To check if you have any users with an assigned OWA Mailbox Policy run the following command in Exchange Management Shell:

Get-CASMailbox –Resultsize Unlimited | Where {$_.OWAMailboxPolicy –ne $null}

To disable Web Ready Document Viewing for all OWA Mailbox Policies run:

Get-OWAMailboxPolicy | Set-OWAMailboxPolicy -WebReadyDocumentViewingOnPublicComputersEnabled:$False -WebReadyDocumentViewingOnPrivateComputersEnabled:$False

Update: This issue is solved in Update Rollup 4 for Exchange Server 2010 Service Pack 2



Microsoft Security Advisory (2737111) and Exchange Outlook Web App Mailbox Policies

By admin on July 29th, 2012

Last week Microsoft published Microsoft Security Advisory (2737111), in short it says that it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file.

The workaround for this issue if to disable Web Ready Document Viewing on the Outlook Web App virtual directory. But if you have applied a Outlook Web App Mailbox Policy and assigned that to users the workaround described won’t be enough. As you can read in Understanding Outlook Web App Mailbox Policies it clearly states that:

“When an Outlook Web App mailbox policy is applied to a mailbox, it will override the settings of the virtual directory.”

Effectively this means that if you disable Web Ready Document Viewing on the Outlook Web App virtual directory your users who has an Outlook Web App Mailbox Policy assigned might still be affected by this issue. The default value for Web Ready Document Viewing is set to enabled so if you haven’t specifically turned it off users are affected. To check if you have any users with an assigned OWA Mailbox Policy run the following command in Exchange Management Shell:

Get-CASMailbox –Resultsize Unlimited | Where {$_.OWAMailboxPolicy –ne $null}

To disable Web Ready Document Viewing for all OWA Mailbox Policies run:

Get-OWAMailboxPolicy | Set-OWAMailboxPolicy -WebReadyDocumentViewingOnPublicComputersEnabled:$False -WebReadyDocumentViewingOnPrivateComputersEnabled:$False



Exchange 2013 Admin Center–The good, the bad and the not there yet

By admin on July 19th, 2012

In a previous post I mentioned how to find the URL for your Exchange Admin Center. Now when you found it, lets take a look at it and see what has improved and maybe some things that can be improved in the future.

Already when you are asked to log on you can see the new look of Exchange, it’s all Metro inspired. I think it looks nice and “clean”.

Enter your credentials and you will get a question about your language settings and time zone. Not much new stuff so far except for the fresh look.

When your logged on you can see the layout of the new “GUI”. If you are a Exchange admin like me you might react on the fact that what used to be on the bottom is now on top, meaning in Exchange 2007 and Exchange 2010 the Exchange Management Console, EMC, was divided in to three categories in the left pane (Organization, Server and Recipients) with Recipients on the bottom. You will now find recipients on the top of the screen.  In my opinion this is probably a good change because once Exchange is installed and configured you will probably spend most time administering your users but the new layout certainly present a few challenges to find the stuff we used to find so below I provide you with a table that shows the left navigation pane and what tabs that are located on them (I know I could work on the Metro style on that but I will use it again later on with more info in each box).

As mentioned and as you can see the number of labels in left navigation pane has increased from before but I find the new layout much more logical then before. For instance it makes much more sense to find Databases under Server than Organization in Exchange 2010 and the same thing goes for Accepted Domain and Email Address Policies witch you now find clicking Mail Flow.

I work with a lot of large customers where the number of users can be substantial. Some tasks in previous version of Exchange has required to open up the “user picker” (like when you add permissions to a mailbox) and sometimes that could take some time to list all users. So to test this I created 100 000 mailboxes and assigned full access to some of them, this happens super fast in Exchange Admin Center!

I Exchange 2010 some tasks where divided between EMC and the web based Exchange Control Panel, ECP. For example Message Tracing witch was done from ECP while other tasks around mail flow was done in EMC. In Exchange Admin center all tasks around mail flow is located together in one place.

To summarize the good part the graphical user interface feels like it’s more logical then before, it’s a more unified GUI and it’s fast!

So lets take a look at what I’m not that thrilled about…

In the Exchange 2010 Management Console there is a great (!) feature, the “Show Exchange Management Shell Command” button (see picture below). This magical button gave you the PowerShell command to  changes you made in the GUI. In the example below I edited my user with the company name mailmaster. To admins that are not really comfortable with PowerShell (yet) this is a great help and I would very much like to see that feature back in the Exchange Admin Center

In Exchange 2010 Management Console we had the possibility to recreate a virtual directory, the GUI simply ran some commands to delete and create it and provided us with a option to save the old directory’s settings to a text file) and that’s not yet in the Exchange Admin Center. Possibly because this is quite a advanced task and admins should know how to do it using PowerShell  but I liked the simplicity of having that as a GUI feature.

 

So this was just a short look at Exchange Admin Center and my personal opinion about what’s good and can be improved in the future. Feel free to comment on what you think!



Exchange 2013 Preview Installation, Client Access Role (Front-End)

By admin on July 17th, 2012

In my previous post I wrote about installing the Mailbox Role aka Back-End role. Installing the Front-End is not much different and I show you how in this post.

Once again have a look at Pro-Exchange for the prerequisites, note that they are slightly different for the Front-End server.

When you have completed the prerequisites run a cmd as administrator and then run setup from there. Your first screen will be setup asking to connect to Internet for updates:

Updates will be downloaded.

When all updates necessary has been downloaded setup copies it’s files. Note, if you cancel the setup before it finishes you will be asked if you want to use the downloaded updates from your first run.

Click next and you get the Introduction page where you can read about Exchange. Right now there is no content for the Exchange 2013 Deployment Assistant but I recommend you keep looking because the content on previous versions of Exchange has been really good.

Accept the License Agreement and click next

Choose to turn of or off Error Reporting.

Setup will now check for required software and automatically go to the next screen when it’s done.

Select the role you want to deeply, in this case the Client Access Role

Select where to install Exchange, the default path is C:Program FilesMicrosoftExchange ServerV15

One of the differences from installing the Mailbox Role id that you get to specify a external hostname, you should enter the fqdn of your external access to Exchange, like webmail.mailmasterlab.se. This information will be used to configure all virtual directories external URL.

A readiness check is performed and when you got all components in place hit Install.

Wait some time, and see the end result below.

It’s been a long day with some great news about Exchange, Lync, Office and Office 365 but it’s 4.30 AM in Sweden right now so I better get some sleep and be back tomorrow with some information about how and what to configure.



How to find Exchange Admin Center in Exchange 2013

By admin on July 17th, 2012

Have you been looking for the Exchange Management Console in Exchange 2013? Stop looking because it’s not there! It’s been replaced with Exchange Admin Center, EAC and to find it fire up Exchange Management Shell and run the following command:

Get-EcpVirtualDirectory | fl *URL*

Now copy the Internal URL into your browser and log on!

You can read more about the new EAC on TechNet