O-Xchange Notes from the Field!

Thursday, February 26, 2009

How to set-up Resource room to allow appointments over 6months in advance

Configuring Resource rooms to allow appointments over 6months in advance.
Notes: (a)The user that needs to open and setup this resource room must be given full access permission by an Administrator.
step by step:
1. Login to your mailbox via Outlook web Access
2. Click your name in the upper right corner of the window to open the Open Other Mailbox dialog box.
3. Enter the name or alias of the room mailbox that you want to open.
4. If more than one match is found, Outlook Web Access displays a list of possible matches.
5. Click the name of the room mailbox that you want to open. Note that the room mailbox will open in a new window
6. At the upper right corner, click on options. In the options page, scroll down to resource settings. This is only displayed for resource mailboxes
7. Under Resource Scheduling options, type 365 for maximum number of days. This box is used to set maximum number of days that a resource can be booked in advance.
8. Scroll to the top and Click on save
9. Configuration is now completed
Note: Use Resource Scheduling Permissions to control which users can automatically schedule the resource mailbox if it is available, which users must have approval to schedule the resource mailbox if it is available, and which users can automatically schedule the resource mailbox when it is available and can submit a request for approval when it is unavailable. Apply the settings as desired.

Friday, February 20, 2009

Important reading on Service Accounts and Delegation

please refer to this document for insights on service accounts, mailbox ownership, delegation, send-as, send-on-behalf, etc. 


Understanding & Configuring Service (Department) Mailbox Access Delegation
Mailbox Owner: Mailbox ownership is established when an administrator creates a mailbox (mailbox-enables an account) in AD. The owner can login and has full control of the exchange mailbox. A mailbox owner or an administrator can delegate access to other accounts.
Mailbox Delegate: Mailbox designated to act on behalf of a mailbox. Some of the most commonly used options include the ability to read or manager another user’s calendar or to send mail on behalf of another user.
Access levels for sending mail as another user:
Send-on-behalf: This allows the delegate to send mail on behalf of the mailbox owner. The message sent by delegate indicates the sender “on behalf of the owner.
This can be granted using Outlook or by an administrator. Please note that this attribute called “publicdelegate” is written to the AD.
Send-As: This allows delegate to send mail as if they were the mailbox owner. The message sent does not indicate the sender was anyone other than the mailbox owner. This can only be granted by an administrator.
Service Account: A regular mailbox used for departmental use. The name service account is unique.
Service Account manager: Account that has been assigned full Access permission to a service mailbox. This person also has the username and password of the service account mailbox.
Resource Accounts:
Room mailbox: This is mailbox assigned specifically to meeting rooms. Associated users accounts are disabled in AD.
Equipment mailbox: This is a mailbox specific to equipment, for eg TV, Projector etc). Just like rooms, the associated AD accounts are disabled.
Delegating Access to users by service account managers
* As a matter of best practice, service account managers need to login to the service account on AD domain as domain\service account before they can start delegation.
* Create Outlook profile for the service account. Remember to login as domain\service account when prompted for login.
* While in Outlook, delegate access as needed to users. (Service account manager needs to add his/her account as a delegate if desired).
Basic questions for service account managers to consider before assigning or requesting for permissions:
* Do the users want to send on behalf of the service account?
If the answer is yes, the service account manager needs to delegate access to the service account mailbox to the users or the group.
If the answer is no, do not delegate access to users.
* Does the account manager want delegates to access inbox, calendar, contacts, etc of the service account?
If yes, while delegating in Outlook; assign the delegates required permissions to the folders as needed. After this is done, the delegates can access the delegated folders by clicking on file, open, other user’s folder, type the account name and choose the folder you want to open.
If no, while delegating in outlook, assign none permissions to all the folders.
* Does the service account manager want to assign specific permissions to specific folders beneath the inbox?
If yes, assign folder visible permission to the parent folder and the required permission to the child folder.
* Does the service account manager want to open the service account Outlook profile while logged in with his/her AD account?
If yes, administrator will need to assign full access rights to the service account mailbox. By so doing, they can login to the service account using mapi profile and assign outlook folder permissions as desired.
Important Notes/Gotchas:
1. The department account manager needs to add his/her account as a delegate to be able to send on behalf of the service account.
2. Full manage rights enables you to open the mailbox via outlook profile while department manager is logged into AD.
3. Mailbox owner and the administrator are the only ones that can delegate.
4. If rights are delegated properly, delegates can open the folder from
5. Send-on-behalf rights just like send-as is an AD attribute. Only Administrators can give send-as rights. Mailbox owners can give send-on-behalf rights using Outlook.
6. Users not on  domain must log in as domain\mailbox owner to do delegation. In rare cases, you may experience replication issues. Check to make sure global catalog for  domain is within reach and responding in a timely manner.
7. Occasionally delegation may fail. While there are numerous reasons for such failure, it’s usually related to permissions. This can be fixed by doing this: While in Outlook, change outlook login behavior by clicking on tools, account settings, double click on your email account, click on more settings, click on security tab, Check the “Always prompt for logon credentials”, Click OK.
8. Logging into resource accounts is not required and not supported in Exchange 2007.
9. Note that full manage rights on a mailbox does not give the manager send-on-behalf rights for that mailbox.
10. Mailbox delegates can also open the service mailbox in outlook as secondary mailbox. This can be done by going to Tools, Account settings, double click mail account, more settings, advance tab, and under mailbox click on Add and type the mailbox name. Click OK 

powershell command to move group of mailboxes using a text file

use this powershell command to move group of mailboxes from a text file with the user aliases
Get-Content userlist.txt | Get-Mailbox | Move-Mailbox -TargetDatabase 'EXCH2K7\First Storage Group\Mailbox Database'

Running Exmerge from Windows XP SP2

According to Microsoft's website, Exmerge tool is used to extract data from mailboxes on a Microsoft Exchange Server and then merge this data into mailboxes on another Microsoft Exchange Server. The program copies data from the source server into Personal Folders (.PST files) and then merges the data, in the Personal Folders, into mailboxes on the destination server.
steps to install exmerge on windows xp with sp2
1. Install the Exchange 2003 System Management Tools from exchange 2003 cd
2. download exmerge from:
3. Install Exmerge
4. Configure permissions on the database by using this powershell command:
Get-MailboxDatabase -identity "servername\First Storage Group\Mailbox Database" | Add-ADPermission -user "Domain\Username" -ExtendedRights Receive-As, Send-As
Note that this command assumes you have setup exmerge account on the domain and will be using it for exmerge operations.

windows/outlook search just stopped working in Vista

issue: Windows/Outlook search just stopped working in Windows Vista. As a result instant search in outlook won't return any results. 
this is a known issue with windows vista
step 1: try rebuilding the search index. go to indexing optioins, advanced tab and click rebuild. if this doesn't work, try clicking on restore defaults
if stepy 1 doesn't work, go to step 2
step 2: go to services in control panel, look for windows search or windows searcher as the case maybe
double click on the service and stop it. restart the service
this will initiate indexing and should fix the isue

Thursday, February 12, 2009

Configuring Message Tracking Log files on the Hub Transport

Set-TransportServer "servername" –MessageTrackingLogMaxDirectorySize 2GB
Use the following powershell commands to set message tracking age, max log file size and max directory size
1. setting the max log file size to 5MB
 Set-TransportServer HT2k7 –MessageTrackingLogMaxFileSize 5MB
2. setting the age for the logs
Set-TransportServer SERVERNAME –MessageTrackingLogMaxAge DD.HH:MM:SS
for eg
Set-TransportServer E2K7 –MessageTrackingLogMaxAge 15.00:00:00 (will set the logs to expire after 15days)
3. setting the max directory size to 2gb for eg
Set-TransportServer e2k7ht – MessageTrackingLogMaxDirectorySize 2GB

event id parameters of message tracking logs defined

 In exchange 2007, the admin needs to understand the important parameters of Message Tracking logs. Whereas Exchange Server 2003/2000's Message Tracking log was an easy-to-use application that shielded the user from this complexity, it also provided much less flexibility.
Message Tracking logs have a lot of details about a message as it originates from an internal user or external sender, and makes its way through the different stages of message routing and transfer, and finally gets delivered (or not). You can now track messages based on these events.
see below the event ids and descriptions. Proper understanding of these events will help for better troubleshooting and tracking of messages.
EventID Description
DEFER Message delivery delayed
DELIVER Message delivered to a mailbox
DSN A delivery status notification was generated.
Messages quarantined by the Content Filter are also delivered as DSNs. the recipients field has the SMTP address of the quarantine mailbox.
EXPAND Distribution Group expanded. The RelatedRecipientAddress field has the SMTP address of the Distribution Group.
FAIL Delivery failed. The RecipientStatus field has more information about the failure, including the SMTP response code. You should also look at the Source and Recipients fields when inspecting messages with this event.
POISONMESSAGE Message added to or removed from the poison queue
RECEIVE Message received. The Source field is STOREDRIVER for messages submitted by Store Driver (from a Mailbox server), or SMTP for messages
a) received from another Hub/Edge
b) received from an external (non-Exchange) host using SMTP
c) submitted by SMTP clients such as POP/IMAP users.
REDIRECT Message redirected to alternate recipient
RESOLVE Generally seen when a message is received on a proxy address and resolved to the default email address. The RelatedRecipientAddress field has the proxy address the message was sent to. The recipients field has the default address it was resolved (and delivered) to.
SEND Message sent by SMTP. The ServerIP and ServerHostName parameters have the IP address and hostname of the SMTP server.
SUBMIT The Microsoft Exchange Mail Submission service on a Mailbox server successfully notified a Hub Transport server that a message is awaiting submission (to the Hub). These are the events you'll see on a Mailbox server.
The SourceContext property provides the MDB Guid, Mailbox Guid, Event sequence number, Message class, Creation timestamp, and Client type. Client type can be User (Outlook MAPI), RPCHTTP (Outlook Anwhere), OWA, EWS, EAS, Assistants, Transport.
TRANSFER Message forked because of content conversion, recipient limits, or transport agents

Working with message tracking logs

use this powershell command to get message tracking logs from a hub transport server, with start date of 1/13/2009 and end date of 2/13/09 at 11:20am respectively. this will also export to csv file on root of C:\drive
get-messagetrackinglog -Server "servername"
 -Start "1/13/2009 11:20:00 AM" -End "2/13/2009 11:20:00 AM" -resultsize unlimited
| select timestamp, eventid, source, messagesubject, sender, internalmessageid, {_.recipients}, sourcecontext | export-csv c:\msgtrak.csv
more examples:
Get-MessageTrackingLog -sender chuck@chuck.com
Get-MessageTrackingLog -sender "obi@obi.com" -eventID RECEIVE
Get-MessageTrackingLog -sender "barb@domain.com" -eventID DELIVER
Get-MessageTrackingLog -sender "erik@domain.com" -eventID DELIVER -Start "10/01/2009 9:00AM" -End "10/03/2009 5:00PM"
formatting the output
Get-MessageTrackingLog -sender obi@domain.com -eventID DELIVER -Start "10/01/2009 9:00AM" -End "10/03/2009 5:00PM" | Select timestamp,recipients,messagesubject
Get-MessageTrackingLog -sender "Mike@domain.com" -eventID DELIVER -Start "10/01/2009 9:00AM" -End "10/03/2009 5:00PM" -ResultSize 25

Distribution list has reached maximum size errors

Issue: you may receive error that distribution list has reached max size and therefore no new contacts can be added.
Info: There is no definite limit to the number of contacts that you can add to a distribution list. The exact limit is based on the total file size of the contacts. 
If you use only the very basic information for contacts, your distribution list limit may be as many as 125 contacts to 130 contacts. For example, the information for the contacts in a list of this size may include only the name and the e-mail address for each contact. You can create very large distribution lists that contain over a 1,000 contacts. However, these very large lists may not function as expected in Outlook.
create multiple distribution lists while not exceeding maximum number of contacts. Please follow these steps to create multiple distribution lists
  1. In the Contacts folder in Outlook, open the large distribution list.
  2. On the File menu, click Save As.
  3. Type distribution_list_name Copy, click Outlook Message Format (*.msg) in the Save as type list, and then click Save. 

    Note This creates a backup copy of your original distribution list.
  4. Close the distribution list.
  5. Reopen the distribution list.
  6. In the Name box, type the following text at the end of the distribution list name:
    (start_firstname - end_firstname)
    In this example, start_firstname is placeholder text for the first name of the first contact in the new list. The placeholder text for the first name of the last contact in the new list is end_firstname. Select a range of contacts that has fewer than the maximum number of contacts. 

    For example, the distribution list "Business contacts" contains 200 contacts. There are 70 contacts between David Jones and Tony Smith. Therefore, you rename the list to "Business contacts (David - Tony)."
  7. Select and then delete all the contacts that are not in the name range that you specified in the new list name. 

    For example, if you rename the list to "Business contacts (David - Tony)," you then delete all the contacts that have first names that come before "David" alphabetically. Additionally, you delete all the contacts that have first names that come after "Tony" alphabetically.
  8. On the File menu, click Save As.
  9. Click Outlook Message Format (*.msg) in the Save as type list, and then click Save.
  10. On the File menu, click Close. When you are prompted to save changes to the list, click No.
  11. In Windows Explorer, open the folder to which you saved the modified distribution list, right-click the .msg file, and then click Copy.
  12. In the Contacts folder in Outlook, click Edit, and then click Paste. This creates a new distribution list that uses the new name that you specified in step 6.
  13. Repeat steps 5 through 12 for each group of contacts that you want to separate into an individual distribution list.
Reference: http://support.microsoft.com/default.aspx?scid=kb;en-us;238569&Product=out

Tuesday, February 10, 2009

Customer can't download and save attachments while using OWA

Issue: Customer is unable to open, run or save an attachment using OWA. 
Cause: Customer checked public at first logon to OWA instead of private.
Info: Private setting enables owa users to download and save attachments. Public setting assumes you are in a public workstation that’s unsecure. By so doing, that setting automatically, checks this setting in Internet Explorer, called “Do not save encrypted pages to disk”
 This prevents any attachment(word, excel, pdf, etc) from being saved to your computer.
While in IE, go to tools, internet options, security tab, advanced tab, uncheck do not save encrypted pages to disk
Click to see the screenshot

Thursday, February 5, 2009

Outlook web access did not initialize. Contact your administrator

Error: Outlook web access did not initialize. Contact your administrator.
Cause: Customer's alias in Active directory didn't match user logon name
Resolution: Corrected customer's alias to match user logon name. Also changed uid attribute using ADSIedit to match corrected alias

Outlook web access did not initialize. Contact your administrator

Error: Outlook web access did not initialize. Contact your administrator.
Cause: Customer's alias in Active directory didn't match user logon name
Resolution: Corrected customer's alias to match user logon name. Also changed uid attribute using ADSIedit to match corrected alias

How to display and print yearly calendar in Outlook 2007

use calendar printing assistant to display Outlook Calendar in various day/week/month and year templates.
please download the utility from here:
after installation, you can find calendar printing assistant from programs, Microsoft Office, Microsoft Office tools.

Wednesday, February 4, 2009

Access to additional contacts in Outlook

During the conversion from Groupwise to Outlook, some of my contacts that were in subfolders have been added to contacts in their respective folders, but I can't access them when I am trying to create an email. I don't want to add them all to my 'Contacts' list since that list is synched with my Blackberry, and I don't want several hundred names to sort through. How can I get access to contacts to send emails if they are not part of the Global email address list?

unblock attachment restrictions in Outlook

Outlook by default blocks a lot of attachments. You can use this utility bu Ken Slovak(MVP-Outlook) to unblock attachments
It's a COM add-in for outlook that lets you choose levels of file types in outlook
Note that level 1 types are totally blocked by Outlook by level 2 types can be saved to a disk
download the utility from:

Outlook requiring logins after laptop idle for 15-20 minutes

System: Macbook Pro running Windows XP Professional (yes XP natively via Bootcamp, not my choice) Problem: After leaving the laptop for 15-20 minutes Outlook would require the password to be entered numerous times before reconnecting. 1st step: Set power options in Control Panel to never go to standby while plugged in. This didn't seem to have an effect. 2nd step: Opened Network Connections, right-clicked on the connection and opened Properties. Clicked on Configure next to the network card. On the Power Management tab, unchecked "Allow the computer to turn off this device to save power." This seems to have fixed the problem, although I'm not sure why Outlook required multiple password entries.