Exchange Center

ENow Software's Exchange blog built by Microsoft MVPs for IT/Sys Admins.

Posts by

Lasse Pettersson

Lasse works as a consultant performing almost anything related to Exchange server, Architect/Reviewer/Design/development and teaching, and sometimes MOC material but also client specific. Lasse understands large enterprise environments as well as the small environment. His knowledge and understanding of customer needs makes him the perfect team member of migration/consolidation projects. Besides doing consulting he speaks at conferences and seminars and if time permits, he writes technical articles. Lasse Pettersson has been awarded the title MVP (Most Valuable Professional) by Microsoft since 2005 for his work with Exchange server. Lasse focus on Exchange server but also work with other products and technologies such as Lync server, Active Directory, firewalls and network communications. You can read his blog "a new message has arrived".

Microsoft Exchange questions

Exchange Cannot Send Mail to Some Domains

Image of Lasse Pettersson
Lasse Pettersson

Have you encountered an instance where Exchange cannot deliver mail to a destination on the Internet? This is becoming more and more common. You may question why this is happening in the first place and why it’s becoming more common.

The answer lies in how Exchange does DNS queries. Exchange was designed to run on a corporate network where you have full control on how DNS is setup and configured. Basically, Exchange believes that DNS will always respond with a correct answer. But when Exchange sends mail to the Internet, DNS queries and answers might not always be what you expect. This is especially true when more and more organizations start using IPv6.

Read More
Cyber Security padlock

RBL and Exchange 2013

Image of Lasse Pettersson
Lasse Pettersson

The antispam agent installation process with Exchange 2013 is similar to previous versions of Exchange. When you install antispam agents on Exchange 2013 servers most agents will be installed on the mailbox role but not the Connection filtering agent aka. RBL, DNS Block List etc.

The powershell script: install-AntispamAgents.ps1 will look for which server role is installed and will not install Connection filtering if the server holds the mailbox role. This is understandable since SMTP connection should come in from the CAS server and then the original sending IP will not be show since CAS do Source-NAT. So the logic would be to install the connection filtering agent on CAS. However the install script will not let you do that either. Connection Filtering will only install on Edge role.

I can only speculate why this is the case. Either Microsoft wants it to be like this or they have found some trouble with the Connection Filtering Agent running on CAS.

Read More
Exchange 2010 DAG nodes

Patching DAG Nodes in Exchange 2010

Image of Lasse Pettersson
Lasse Pettersson

Face it, most Exchange administrators look forward to their weekly patching projects about as much as you and I look forward to our next trip to the dentist. Throw in the extra complications of switching from a non-clustered environment to one that is clustered and the word root canal comes to mind. When working with non-clustered servers one can usually just use WSUS or other patching products which require simple install patches and then a restart or a reboot of the windows box. If this is done in an Exchange environment with clusters however, the same process could end in disaster. What then can the Exchange admin do to make this routine process simple? The answer lies in how you use the nodes; move resources off the node you’re about to patch and then apply patches.

This doesn’t mean there are no drawbacks. This is a manual process and often takes time. The positive side is that administrators have complete visibility of the process and can see if anything doesn't work as expected. Plus one can take action on the failed node while other nodes of the cluster maintain service to users. This scenario also allows the administrator to work regular office hours instead of working late at night on patching-day or weekends.

Read More
Outlook Configurations

Are You Using TMG and Having Issues Publishing Outlook Anywhere?

Image of Lasse Pettersson
Lasse Pettersson
 

Ever tried to publish Outlook Anywhere using NTLM with TMG and use Kerberos Constrained Delegation? Many people have tried and failed, or at least had some major trouble before they were finally able to get things going.

To help make things a little easier, here is a simple checklist on how to publish Outlook Anywhere using NTLM with TMG, using Kerberos Constrained Delegation.

The simplest scenario is a single Exchange server and a single TMG server.

1. TMG must be domain joined to use Kerberos Constrained Delegation (KCD), which can be a problem for some organizations. Domain where TMG is member of must be in Windows 2003 mode and it must be the same domain that your Exchange server is on.

Read More
Exchange 2010 OWA Passwords

Power to the People: Exchange 2010 SP 1 Allows Users to Reset their OWA Passwords

Image of Lasse Pettersson
Lasse Pettersson

For many generations, Outlook Web Access allowed users to change their password, but only after they had successfully logged on to OWA. With Exchange 2007 Service Pack 3 and the upcoming Exchange 2010 Service Pack 1, administrators now have the ability to change the password pretty much the same way users do when they log on to Windows on their PC.

Read More