Archive for the ‘Microsoft Exchange Server’ Category

Configure Resource Mailbox to AutoAccept in Exchange 2007

December 28th, 2009 No comments

To configure a resource mailbox to automatically accept an appointment in Exchange 2007, you must use the Exchange management shell.

If there is already an appointment that overlaps at all with the appointment you are trying to schedule, you will get back a ‘Declined’ receipt from the resource mailbox.

Assuming you already have the mailbox created, and it is called “ResourceMailboxName”, here is the command you should run:

Set-MailboxCalendarSettings ResourceMailboxName -AutomateProcessing:AutoAccept

See these pages for more info on resource mailboxes:

http://msexchangeteam.com/archive/2009/02/26/450776.aspx

http://technet.microsoft.com/en-us/library/bb123495.aspx


Grant access to resource mailbox in Exchange 2007

December 28th, 2009 No comments

To grant access to a resource mailbox, you must use the Exchange management shell.

Assuming you already have the mailbox created, and it is called “ResourceMailboxName”, here is the command you should run:

Add-MailboxPermission -AccessRights FullAccess -Identity ResourceMailboxName -User Username

If you need to grant a different level of permission, use a different option with the ‘AccessRights’ switch.  The other options are:

  • ChangePermission
  • ChangeOwner
  • DeleteItem
  • ExternalAccount
  • ReadPermission
  • SendAs

See these pages for more information on resource mailboxes:

http://msexchangeteam.com/archive/2009/02/26/450776.aspx

http://technet.microsoft.com/en-us/library/aa995916.aspx


Free/Busy info not available outside the network

December 27th, 2009 No comments

If you are having problems with free/busy information in Outlook, it is most likely due to misconfiguration of the Exchange 2007 Autodiscover service.

The Autodiscover service provides info to the Availability service, such as the addresses (internal and external) that Outlook 2007 clients should use to connect to Exchange.  More info here.

I would recommend that you read this post at the Microsoft Exchange Team blog and the referenced whitepaper at the top.

Most likely, you do not have the internal/external addresses configured correctly in Exchange.  Double-check these.  In addition, with Outlook open, you can hold the Ctrl key and right-click on the Outlook icon in your system tray to get the “Test Email Autoconfiguration” option.  Run this to see how Outlook is trying to connect to your Exchange server.  You may notice that Outlook first tries to connect to “domainname.com”, then to “autodiscover.domainname.com”.  These are the default addresses that Outlook tries.  You may need to create a CNAME for “autodiscover.domainname.com” which points to your Exchange proxy address.  That is the address that you have in the Exchange proxy connection settings in Outlook, and is likely the same as your OWA address.

Once you have the Autodiscover/Availability services configured correctly, you will likely find that your free/busy info problems have been resolved.


Top 10 Causes of Email Flow Problems

December 24th, 2009 No comments

There are many, many things that can cause email issues.  Here are some of the most common issues I have encountered over the years. In no particular order…

1. DNS changes. Someone may have changed the MX records, or changed the authoritative DNS servers for your domain.

2. Firewall.  If the access or NAT rules for the mail server were changed, mail flow may be disrupted.  Make sure you have a system in place for tracking configuration changes on your firewall(s), so that you can look at the most recent change and decide if it created a problem with mail delivery.

3. Spam Filter.  After the firewall, the spam filter is probably the next hop for your mail.  Whether it is a standalone device or software installed on your mail server, check it to see if your mail is getting hung up here.

4. Services/Processes not running on mail server.  If you have Microsoft Exchange, check the SMTP or Microsoft Exchange Transport services.

5. DNS resolution problems on mail server (for outbound mail).  If a server can’t resolve MX records, it’s not going to be able to deliver mail.  If you are running Microsoft Exchange, the primary and secondary DNS servers configured in the TCP/IP settings are likely to be two of your domain controllers.  The easiest way to see if you are having a DNS issue on the mail server is to see if you can browse the Internet from it.

6. Incorrect or misspelled email aliases or domain names.  This is normally a user mistake when sending a message.  However, sometimes it can be due to a misconfigured contact or distribution group in Active Directory.

7. Mailbox full, either on the sender or receiver side.  This will usually cause a bounceback message.  If the user with the full mailbox is on your server, you will need to have some kind of monitoring set up to alert you to the problem.

8. Smart host not responding, credentials incorrect, or otherwise misconfigured. Possible ‘daily limit’ reached on number of relays.

9. Reverse DNS issues.  See my previous post to make sure your reverse DNS is configured correctly.

10. Blocked by ISP.  Clearwire does not allow you to host a mail server by default. Others, such as AT&T, may blackhole your WAN IP if they detect virus-like or spambot activity coming from your address.  You should call your ISP to confirm if you suspect this is the problem, assuming they haven’t notified you already of the block.


Troubleshooting Email Flow (Outbound)

December 23rd, 2009 No comments

Previously, I posted about troubleshooting inbound mail flow.  However, just as often (possibly more), you will be troubleshooting outbound mail flow.  Hopefully, this post will help with that.  As with inbound mail, there are many things which can cause problems for mail delivery going FROM one of your users to someone outside your organization.  You should not take the word of a non-technical person who is reporting the problem to you as gospel.  Verify the scope of the problem and ask questions such as these:

  • What is the scope of the problem?
  • How many people are affected?  Almost as importantly, is there anyone who seems UNaffected and can still receive mail?
  • Are users able to send mail between each other inside the company but not send to people outside?
  • When did it start?
  • Are there any error messages or common symptoms that the affected users are seeing in Outlook or other mail client?
  • Are users getting any kind of bounceback message when trying to send email out?  See if you can have a copy of one of these bouncebacks forwarded to you if at all possible.
  • What was changed?  Besides the obvious, that it was working and is now not, something may have been changed.  Ask anyone whom you know may have been working on the affected mail server or domain name within the last day or so.   Firewall rules?  Spam filtering device or spam filtering software on the server? etc.  A lot of the time, finding out what was changed will point you toward the cause of your problem.

  1. Check the outbound queue(s) on the mail server. If your company is having trouble sending out mail, there are probably messages piling up in an outbound queue.  If you find messages in the queue(s), are they addressed to many different domains or just one or two?  If just one, then there may just be a problem with the destination mail server.
  2. Send messages using webmail (e.g. Outlook Web Access).  Send to several different domains (e.g. your personal Gmail, Yahoo, or other addresses) to see if they go through.
  3. Check services/processes.  Are the Microsoft Exchange services running, such as the Transport and/or SMTP services?  Or if using Sendmail or Postfix, are the processes running?  Sometimes, even if they are running, restarting the services/processes that deal with sending mail can correct a problem.
  4. Check logs in Windows/Linux for errors. For Exchange server itself, any diagnostically useful errors will be in the application log.  However, keep in mind that Exchange (and mail flow in general) relies heavily on DNS functioning properly.  So, you may have many errors that point to an Exchange problem, but it may just be a symptom of an underlying DNS or Active Directory issue.  Check the DNS and Directory Service logs as well.
  5. Check the firewall. Is it blocking outbound SMTP connections from your server IP address?  Use telnet to ensure that your mail server can connect outbound to other mail servers outside of your network on port 25.
  6. Check the remote firewall or spam filtering device. The IP address of your mail server may be blocked or blacklisted.  You have a limited number of ways to determine if this is the problem.   Test by initiating a telnet session to the destination server on port 25.  If there is no response, try the same thing from a computer on a different Internet connection, such as your home computer.  Your only other option is to get in touch with a network administrator for the destination server and see if he or she can help.
  7. Check DNS. Your mail server may simply be having trouble resolving DNS names to be able to deliver mail.  Look up the MX records for one of the domains to which you are having trouble sending mail.  Then, try to ping the DNS name for one of the MX records that was returned in the lookup.  Even if it doesn’t respond to ping (your firewall may block ping traffic), does it resolve to an IP address?
  8. Check your reverse DNS. Going back to the outbound queues on the mail server.  If there are many messages queued up, destined for various domain names, it could be a reverse DNS issue on your end.  See my previous posting about reverse PTR troubleshooting.
  9. Check your outbound spam filter, if you have one.  Some companies do, although it is rare.  Beyond your mail server queue, there is another queue on the spam filter that may be filling up.

There are many moving parts when it comes to mail delivery.  Answers to the pre-troubleshooting questions (top of this post) will likely help you arrive at a resolution more quickly than if you start from scratch.

Good luck!


Troubleshooting Email Flow (Inbound)

November 14th, 2009 3 comments

There are many things that can throw a wrench in the mail delivery process.  Before you start troubleshooting, you need to have a grasp of the actual problem, not just what was reported to you.  Do not take the word of a non-technical person at face value when they tell you that ‘email is down for everyone’.  That can have a number of different meanings.  You need to ask some questions before you start.

  • What is the scope of the problem?
  • How many people are affected?  Almost as importantly, is there anyone who seems UNaffected and can still receive mail?
  • Are users able to send mail between each other inside the company but not send or receive to/from people outside?
  • When did it start?
  • Are there any error messages or common symptoms that the affected users are seeing?
  • Are people at outside companies getting any kind of bounceback message when trying to send email to addresses on the affected domain?  See if you can have a copy of one of these bouncebacks forwarded to you if at all possible.
  • What was changed?  Besides the obvious, that it was working and is now not, something may have been changed.  Ask anyone whom you know may have been working on the affected mail server or domain name within the last day or so.  Changes to DNS records? firewall rules? spam filter device or spam filtering software on the server? etc.  A lot of the time, finding out what was changed will point you toward the cause of your problem.

I would also say that if you are working on a problem for any given mail server or client, you should understand how their mail delivery is configured.  If not, you should have someone on hand who does.

On to troubleshooting…

I generally like to take an ‘outside coming in’ approach.  I start from the perspective of a mail server out on the Internet trying to deliver mail to the domain for which there is a problem and work my way to the destination mailbox.  Here are some of the things that should be checked.

1. MX records. First, you should know what the MX records SHOULD be under normal circumstances.  Then, you can use online tools such as MXToolbox or Hexillion.com to find out what the MX records are currently.  If the primary MX record is ‘mail.domainname.com’, ping that address from outside the network that contains the affected mail server and see what IP address is resolved.  Keep that IP address handy for the next step.

2. Check the firewall. Are there access and NAT rules in place to allow SMTP traffic to come through the firewall to the appropriate server?  What is the external address of the mail server or spam filter as configured on the firewall?  Does it match the IP address you found in step 1?

3. Is the server or spam filter listening on TCP port 25? From outside the network, run a “telnet <mail server external IP address> 25” command.   Do you get a response?  Keep in mind that firewall rules may only allow incoming SMTP connections (port 25) from specific IP addresses on the outside.  Therefore, if this test fails, that doesn’t necessarily mean that you have found the problem.  Try to telnet to port 25 on the server or spam filter from a computer on the same network to see if it responds.

4.  Check the spam filter queue and logs. Oftentimes, a separate spam filtering device or server running spam filtering software will be the entry point for mail into your network.  If you have already checked and verified that this device is at least accepting requests on port 25, now go look and see if there is a queue on it that is filling up with mail.  In addition, check any logs which are available.  Can you tell if this device is accepting, processing, then delivering mail to the destination Exchange/Sendmail/Postfix server?

5. Check SMTP queue on the mail server itself. If you have verified that mail is coming in past the firewall, past the spam filter, what is happening to it on the next step in its journey?  Presumably, at this point, mail is going to a Hub Transport/SMTP or even a mailbox server, after passing through the spam filter.  Look in the Queue Viewer (Exchange) or other SMTP logs.  Are there messages stuck in a queue waiting to be delivered?  If so, are there any specific error messages in the queue stating the reason for the problem?  Look in the message tracking logs.

6. Check services/processes. Are the Microsoft Exchange services running, such as the Transport and/or SMTP services?  Or if using Sendmail or Postfix, are the processes running?  Sometimes, even if they are running, restarting the services/processes that deal with receiving mail can correct a problem.

7. Check logs in Windows/Linux for errors. For Exchange server itself, any diagnostically useful errors will be in the application log.  However, keep in mind that Exchange (and mail flow in general) relies heavily on DNS functioning properly.  So, you may have many errors that point to an Exchange problem, but it may just be a symptom of an underlying DNS or Active Directory issue.

8. Check the destination mailbox store (Exchange) or individual mailbox. Is the mailbox store online?  Is the mailbox full and not able to accept mail?   If you find that the mailbox store is offline, there is a whole other set of troubleshooting steps to deal with that problem!
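The “telnet to port 25” test from step 3 above (and from steps 5 and 6 of the outbound post) can be scripted so that the different failure modes are told apart. This is an added example, not part of the original post; the status labels and function names are this example's own, and the sample greetings are constructed.

```python
"""Scripted 'telnet <host> 25' check (added example, not from the original post)."""
import socket


def parse_greeting(raw):
    """Return (code, text) from an SMTP greeting, or (None, "") if it is not SMTP.

    Handles multi-line greetings, where every line but the last is 'NNN-text'.
    """
    lines = raw.decode("ascii", "replace").splitlines()
    if not lines or len(lines[0]) < 3 or not lines[0][:3].isdigit():
        return None, ""
    code = lines[0][:3]
    text = " ".join(l[4:].strip() for l in lines if l.startswith(code))
    return int(code), text


def classify(code):
    """Map a greeting code to a status label (labels are this example's naming)."""
    if code is None:
        return "not-smtp"
    if code == 220:
        return "ready"          # server is accepting SMTP sessions
    if 400 <= code <= 499:
        return "temp-reject"    # e.g. 421: service not available, try later
    if 500 <= code <= 599:
        return "perm-reject"    # e.g. 554: connection rejected by policy
    return "unexpected"


def _read_greeting(sock, limit=4096):
    """Read until the final greeting line ('NNN ' rather than 'NNN-') arrives."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(512)
        if not chunk:
            break
        buf += chunk
        if buf.endswith(b"\n") and buf.splitlines()[-1][3:4] != b"-":
            break
    return buf


def probe_smtp(host, port=25, timeout=10.0):
    """Connect like telnet would and report what happened as a dict."""
    result = {"host": host, "port": port, "status": "error", "code": None, "banner": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        result["status"] = "dns-failure"   # name did not resolve
        return result
    except socket.timeout:
        result["status"] = "timeout"       # typical of a firewall silently dropping
        return result
    except ConnectionRefusedError:
        result["status"] = "refused"       # nothing listening, or actively rejected
        return result
    except OSError as exc:
        result["banner"] = str(exc)
        return result
    with sock:
        try:
            raw = _read_greeting(sock)
        except socket.timeout:
            result["status"] = "no-banner"  # connected, but the server never greeted
            return result
        except OSError as exc:
            result["banner"] = str(exc)
            return result
        code, text = parse_greeting(raw)
        result.update(status=classify(code), code=code, banner=text)
        try:
            sock.sendall(b"QUIT\r\n")       # end the session politely
        except OSError:
            pass
    return result


if __name__ == "__main__":
    # Constructed sample greetings, so the demo runs without a network.
    for sample in (b"220 mail.source.com ESMTP\r\n",
                   b"554-mail.destination.com\r\n554 Connection rejected\r\n"):
        code, text = parse_greeting(sample)
        print(classify(code), code, text)
```

Run probe_smtp from the mail server and again from a different Internet connection; a “timeout” or “perm-reject” from one vantage point and “ready” from the other suggests a block aimed at the first source address rather than a server that is down.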

Although this seems like a lot of things to go through, someone who really knows the mail delivery infrastructure for a domain/network can go through them all in about 20 – 30 minutes.  Of course, depending on the answers to some of your pre-troubleshooting questions, you may be able to nail the problem more quickly than that.

Good luck!


Setting Client Permissions on Exchange 2007 Public Folders

November 12th, 2009 2 comments

By ‘public folder’, I mean any of the objects you see in your folder list in Outlook underneath “All Public Folders”.  It can be a calendar, contact list, task list, among others.

The best, easiest way to manage permissions on public folders in Exchange is through Outlook.  However, getting it set up so you can do that is not the most intuitive process.

To be able to set permissions on a public folder, you must be the owner of it.  Even if you are a domain/enterprise/schema admin, if you don’t own the public folder, you will not be able to modify the permissions of the folder via Outlook.  You must give your account ownership of the public folder first.  The way to do that is through the Exchange Management Shell.

Here is the command you will need to run:

Add-PublicFolderClientPermission -Identity <PublicFolder> -User "Username" -AccessRights <Right>

And for example, let’s say you have a calendar called “Company Calendar” directly under ‘All Public Folders’, and you want to give ownership of it to John Doe (username ‘jdoe’).  The command would be:

Add-PublicFolderClientPermission -Identity "\Company Calendar" -User "jdoe" -AccessRights Owner

and if, underneath All Public Folders, the company calendar is in another folder called Calendars, you would run the following instead:

Add-PublicFolderClientPermission -Identity "\Calendars\Company Calendar" -User "jdoe" -AccessRights Owner

There are other permissions you can set besides ‘Owner’, such as ‘PublishingEditor’, etc., with this command.  However, if your goal is to be able to manage the PF permissions from Outlook, just give ownership with this command, then go to Outlook to set the remaining permissions.

Here is an article on Technet for more information on configuring public folder permissions:

http://technet.microsoft.com/en-us/library/bb310789.aspx


Supporting Exchange 2007 on Windows Server 2008 R2

November 7th, 2009 1 comment

While it was previously announced that Exchange 2007 would not be supported on Windows Server 2008 R2, that decision has been reversed and support for this combination will be forthcoming.

According to this post, at the Microsoft Exchange Team Blog:

We always talk about listening to customers and sometimes this is written off by many as ‘marketing speak’.  In fact, we do take feedback seriously and no input is more important to our engineering processes than your voice.

Earlier this year we made a decision in one direction, and due to the feedback we have received on this blog and elsewhere, we have reconsidered.  In the coming calendar year we will issue an update for Exchange 2007 enabling full support of Windows Server 2008 R2.  We heard from many customers that this was important for streamlining their operations and reducing administrative challenges, so we have changed course and will add R2 support.  We are still working through the specifics and will let you know once we have more to share on the timing of this update.

So, keep the feedback coming.  We are listening.

Kevin Allison
GM Exchange Customer Experience

Posted via email from Aaron Johnstone


Reverse PTR Troubleshooting

October 26th, 2009 4 comments

If you administer a mail server, do you know if your reverse PTR (‘pointer’, aka Reverse DNS) record is set up correctly?  If you don’t know, then probably not.  It’s not one of those things that happens ‘automagically’ when you run through the Exchange 2000/2003/2007, Sendmail or <insert name of any other mail-handling software> installation process.

One way you can tell if your reverse PTR is NOT set up correctly is if you regularly have delayed or bounced email when sending messages to aol.com, rr.com, or hotmail.com.  Those are some of the higher profile domains which do reverse lookups on connecting mail servers.  And they are not very forgiving.  If your PTR record is not set up correctly, they and others will delay or reject messages from your mail server IP address.

So, let me give a quick overview of how the reverse lookup process works in the context of sending an email, and what you can do to make sure your PTR exists and is correct.

When you send an email:

  1. Your mail client submits a message to the server; if it is for a non-local address, your server puts it in the outbound SMTP queue.  Let’s say your email address, the source, is aaron@source.com and the message is going to john@destination.com.   For the purpose of this post, I’ll assume you are not using a smarthost.
  2. Your server performs a DNS query to find the MX records for destination.com.  It gets a response like ‘mail.destination.com’
  3. Your server resolves the MX record mail.destination.com to its IP address, which we will say is 5.6.7.8
  4. The SMTP service on your server then makes a connection to 5.6.7.8 on TCP port 25.  For our example, the WAN IP address of your mail server will be 1.2.3.4.
  5. SMTP then ‘introduces itself’ (using EHLO or HELO) and provides the receiving server with its name.  THIS is something that was probably configured during the installation of your mail server, and is typically mail.source.com or something similar.  So, at this point, the receiving mail server, mail.destination.com, sees an incoming SMTP connection from a server at 1.2.3.4 claiming to be mail.source.com.  How does the server at mail.destination.com know that the sending mail server is really who it says it is?  That is where the reverse lookup comes into play.
  6. The receiving server at mail.destination.com takes the connecting IP address, 1.2.3.4, and does a reverse lookup on it.  A reverse lookup is a DNS query that is looking for a specific type of record, called a PTR.  It is called a reverse PTR because, during the DNS query process, an IP address is resolved to a name.
  7. The reverse DNS lookup on 1.2.3.4 results in a response that is (hopefully) “mail.source.com”.  Notice that the response matches what the sending server said that it was in the introduction in step 5.  This is ideal.
  8. Next, the destination server takes that response and does a regular forward lookup on it.  So it just finds the ‘A’ record for mail.source.com.  That query should return an IP address that matches the source IP, in our case 1.2.3.4.
  9. At this point, the reverse lookup process is complete.  The receiving mail server is satisfied that the sending server is who it says it is and allows the connection to proceed.  The destination server may actually allow the sending server to specify the source and destination email addresses before performing the reverse lookup; this depends on how the server was set up by the administrator.

Now, how can you make sure reverse lookups done on your mail server IP address go as smoothly as outlined above?

Gather the following information:

  • Find out how your mail server is introducing itself when it is connecting to other mail servers.  This is a setting in the SMTP server properties (‘Send Connector’ in Exchange 2007) and is likely going to be ‘mail.yourdomainname.com’ or something like that.  Again, it was probably set when Exchange (or other mail-handling software) was installed.  More technically, this is the name being given along with the EHLO or HELO command when your server connects to another mail server.
  • Look up the current IP address associated with the name you found in the item above.  If you looked on your Exchange server send connector and found that it was set to use mail.source.com, just ping that address and see what IP address you get.  Depending on how your internal DNS is set up on your network, you may get an internal address when doing this.  You need to know the external IP address that is given in response to a query for the name, so you may have to do this step from a computer outside your network.
  • Find out the WAN IP address that your mail server is using to send email.  One fairly reliable way to do this is just to get on your mail server and go to www.whatismyip.com.  Another way would be to look at the NAT rules on your firewall to see what address traffic from your mail server is being translated to on the outside.
  • Look up the current reverse PTR record for your mail server IP address.  A couple of websites that I use for that are MXtoolbox and ZoneEdit.  Often, the result you get here will be the default for your ISP, and may look like this:  cpe-71-123-67-229.hot.res.rr.com.  That is bad.

Armed with this information, you can now determine whether you are in good shape, or if you need to take action.

Verify everything is OK or fix the problem:

  1. Does the WAN IP of your mail server already have a valid reverse PTR record that matches your domain?  Or, does it look like my example, cpe-71-123-67-229.hot.res.rr.com?  Typically, the most difficult thing to get changed is the reverse PTR record.  These are usually controlled and created/changed by your ISP (Time Warner Cable, AT&T, Comcast, etc.).  There are different ways to request that a reverse PTR be set or changed depending on the provider.  It can be as simple as sending an email to reverserequest@twccs.com (for Time Warner), to having to sacrifice your first-born child (for AT&T).  Just kidding, although for some reason, AT&T has made it exceptionally difficult in the past to get a reverse PTR set up.  I’ve had to go so far as to have AT&T host the DNS records for my domain in order to have them host a simple reverse PTR record for me.  Bottom line, go to your provider and ask for the process to create or change a reverse PTR record, and go from there.  All administrative overhead aside, the technical information they will need to set it up will be the WAN IP address of your mail server and what you want the record response to be.  In our example case, we would have provided them with 1.2.3.4 as the WAN IP and told them that we wanted the reverse PTR for that IP to be “mail.source.com” (without the quotes).
  2. When you ping your EHLO address, mail.source.com, does the IP that is resolved match the WAN IP address of your mail server?  If not, you can fix this in a couple of ways.  Either change the ‘A’ record for mail.source.com to be the IP address of your mail server, or change the WAN IP address of your mail server.  Obviously, you should be careful when changing DNS records or IP addresses.  Make sure you get someone else in your IT group involved for a sanity check so you can make sure you are not going to be causing some other problem trying to fix this one!
  3. Is your SMTP server EHLO address set to a valid external DNS name?  In our example, I used mail.source.com.  However, I have seen mail servers configured to use ‘sbserver.domainname.local’, which is not a valid DNS name on the Internet.  In this case, you will have to set your EHLO address to something similar to the example; something that likely matches your domain name.
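The lookups a receiving server performs (steps 6 to 8 of the walkthrough) and the three checks in the list above can be combined into one script. This is an added example, not code from the original post; it is IPv4 only, the finding codes and the table_resolver helper are this example's own, and the sample DNS tables are constructed from the post's example values.

```python
"""Forward-confirmed reverse DNS check for a sending mail server (added example)."""
import socket


def system_ptr(ip):
    """PTR names for an IP address via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases


def system_a(name):
    """IPv4 addresses for a host name via the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (OSError, UnicodeError):
        return []


def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def table_resolver(table):
    """Hypothetical helper: a resolver backed by a dict, for offline runs."""
    data = {norm(k): v for k, v in table.items()}
    return lambda key: list(data.get(norm(key), []))


def check_fcrdns(wan_ip, ehlo_name, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return {'ok', 'ptr', 'findings'} for a mail server's WAN IP and EHLO name."""
    findings = []
    ehlo = norm(ehlo_name)

    # Check 3: the EHLO name must be a valid external DNS name.
    if "." not in ehlo or ehlo.endswith(".local"):
        findings.append("EHLO_NOT_PUBLIC")

    # Check 1: the WAN IP needs a PTR, ideally equal to the EHLO name,
    # and that PTR name must resolve forward to the same IP.
    ptr_names = [norm(n) for n in ptr_lookup(wan_ip)]
    if not ptr_names:
        findings.append("NO_PTR")
    else:
        if ehlo not in ptr_names:
            findings.append("PTR_EHLO_MISMATCH")
        if not any(wan_ip in a_lookup(n) for n in ptr_names):
            findings.append("PTR_NOT_FORWARD_CONFIRMED")

    # Check 2: the EHLO name's A record must be the WAN IP.
    if wan_ip not in a_lookup(ehlo):
        findings.append("EHLO_A_MISMATCH")

    return {"ok": not findings, "ptr": ptr_names, "findings": findings}


# Constructed sample data using the post's example values.
SAMPLE_A = {
    "mail.source.com": ["1.2.3.4"],
    "cpe-71-123-67-229.hot.res.rr.com": ["71.123.67.229"],
}
SAMPLE_PTR_GOOD = {"1.2.3.4": ["mail.source.com."]}
SAMPLE_PTR_ISP_DEFAULT = {"1.2.3.4": ["cpe-71-123-67-229.hot.res.rr.com"]}

if __name__ == "__main__":
    a = table_resolver(SAMPLE_A)
    for label, ptr, ehlo in (
        ("good", SAMPLE_PTR_GOOD, "mail.source.com"),
        ("ISP default PTR", SAMPLE_PTR_ISP_DEFAULT, "mail.source.com"),
        ("internal EHLO name", SAMPLE_PTR_GOOD, "sbserver.domainname.local"),
    ):
        print(label, check_fcrdns("1.2.3.4", ehlo, table_resolver(ptr), a))
```

Called with only the WAN IP and EHLO name, check_fcrdns uses the system resolver; run it from outside your network so that internal DNS does not answer with internal addresses.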

That’s it!  If you went through all this and your reverse PTR was already in good shape, great!  If not, then I hope that this helped you to find your way.  It was painful for me when I learned this, because I did it the hard way.  Thanks for reading.

Posted via email from Aaron Johnstone
