Archive for category Exchange 2010

Best practice for email resilience

Most businesses need email…There are no ifs, buts or maybes about it.  Email is a core business resource and being without it, or worse still losing emails that are sent to you, can mean the loss of business.

So how do you protect those emails if your local server is down or your internet connection has thrown a wobbly and you no longer have a functioning internet connection?

The answer is to plan for failure.  Some things are out of your control, so plan for those events and you won’t go far wrong.

For email there are a few options, all of which offer differing measures of email resilience and all come at a different price.  The question you have to ask yourself is “how much is my email worth?”

For those organisations who can afford to invest £20 or so per user per year, then the answer may well be to use a smarthost such as MessageLabs.  This superb service has been around for 10 years or so and is now under the watchful ownership of Symantec, who have invested a fair few ££££’s taking it from a great product with a fair market share to being world leading.

All of your email gets directed to MessageLabs who remove viruses, spam and any other nasty bits and bobs and then forward it on to you.  If your server goes down, then the emails sit on the MessageLabs servers until you resume connection.  Nothing lost at all.  Your outbound emails also go out through MessageLabs, so if someone hacks a user account and starts sending 1000s of unsolicited emails via your server, MessageLabs stops them before your domain has the unfortunate experience of being blacklisted.  It’s a great product that works.  For medium sized businesses it’s a must have.  If you have SBS 2011 running Exchange 2010, this is the solution for you, as Microsoft removed the global mailbox option from the Exchange 2010 POP3 connection manager….why?……I only wish I knew.

For those who don’t quite have the funds to splash out £20 a user per year and are not using Exchange 2010 from SBS 2011, then ask your domain host if you can have a catchall POP3 mailbox. This will be your backup if your local server can no longer collect email.

The catchall needs to be big enough to take a couple of days of email.  I’d ask for 2GB of disk space if possible, which should be fine with most hosting companies.

You then need to configure your MX records to reflect that the POP3 is the backup.  Usually the hosting company will create a virtual email server for you with the name ‘mail.yourdomain.com’.  This needs to be the lowest priority MX record. 

For example:

MX 10 yourserver.yourdomain.com

MX 20 mail.yourdomain.com

The lower the number, the higher the priority, so mail delivery will always be attempted to ‘yourserver.yourdomain.com’ before going to your POP3 mailbox.  If mail can’t reach the highest priority record, then it will attempt to deliver to the next one on the list.  If that server isn’t available it will continue down the list until it runs out of options, then it will fail (or send you a ‘message delayed’ message if the emails are configured to retry).
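The fallback described above can be checked before you rely on it. This is an added example, not part of the original post: the function names are hypothetical and the two records are the ones from the example, built by hand so the script runs without a DNS lookup.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# the records are constructed with the NameExchange/Preference shape that a
# DNS MX lookup returns. Written to run on PowerShell 2.0 and later.
function Get-MxDeliveryTarget {
    param([object[]]$MxRecords, [string[]]$Down = @())
    # Sending servers try the lowest preference number first, then work upwards.
    $target = $MxRecords | Sort-Object Preference |
        Where-Object { $Down -notcontains $_.NameExchange } |
        Select-Object -First 1
    if ($target) { $target.NameExchange } else { 'DEFERRED: sender queues and retries' }
}

function Test-BackupMx {
    param([object[]]$MxRecords, [string]$Primary, [string]$Backup)
    $problems = @()
    $p = @($MxRecords | Where-Object { $_.NameExchange -eq $Primary })
    $b = @($MxRecords | Where-Object { $_.NameExchange -eq $Backup })
    if ($p.Count -eq 0) { $problems += "No MX record for $Primary" }
    if ($b.Count -eq 0) { $problems += "No MX record for $Backup" }
    if ($p.Count -and $b.Count) {
        $pMin = ($p | Measure-Object Preference -Minimum).Minimum
        $bMin = ($b | Measure-Object Preference -Minimum).Minimum
        if ($bMin -le $pMin) {
            $problems += "Backup ($bMin) would be tried before or alongside primary ($pMin)"
        }
    }
    # The backup mailbox should be the very last host a sender falls back to.
    $last = $MxRecords | Sort-Object Preference | Select-Object -Last 1
    if ($b.Count -and $last.NameExchange -ne $Backup) {
        $problems += "$($last.NameExchange) is tried after the backup mailbox"
    }
    $problems
}

# Constructed records matching the two MX lines above.
$records = @(
    (New-Object PSObject -Property @{ NameExchange = 'mail.yourdomain.com'; Preference = 20 }),
    (New-Object PSObject -Property @{ NameExchange = 'yourserver.yourdomain.com'; Preference = 10 })
)
$primary = 'yourserver.yourdomain.com'; $backup = 'mail.yourdomain.com'

Test-BackupMx -MxRecords $records -Primary $primary -Backup $backup   # lists any misordering
Get-MxDeliveryTarget -MxRecords $records                              # normal day
Get-MxDeliveryTarget -MxRecords $records -Down $primary               # local server offline
Get-MxDeliveryTarget -MxRecords $records -Down $primary, $backup      # both unreachable
```

On Windows 8 / Server 2012 or later, the output of `Resolve-DnsName yourdomain.com -Type MX | Where-Object { $_.Type -eq 'MX' }` has the same two properties and can be passed to both functions in place of the constructed records.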

If you’re using SBS 2000, 2003 or 2008 then your next step is to configure POP3 Connection manager to collect the emails.  This can be done by using the “Connect to the Internet” wizard available in Server Manager or Server Console depending upon your version.  Just add collect internet email and configure the server to connect to ‘mail.yourdomain.com’ using the supplied username and password and tell the wizard it’s a Global Mailbox.  Schedule it to run every 15 minutes and your backup is now in place.

For those using full Exchange or SBS 2011, you will need to get your hands on a 3rd party product to do this for you. Click here for some options.  One word of warning.  If it says it’s free, it is usually because the version you’re buying isn’t worth anything.  Sometimes it’s far better to pay a few £££’s for a product that states that it does the job, rather than trying to hash an application you think might do the job.

If you have any questions about best practice for email resilience or any other business continuity questions please feel free to contact me.


Microsoft Exchange to Smartphone – What are the best options?

So you run a small business, or even a bigger business and you want to get email on your mobile.  You’d like the functionality that your server gives you (or even your Cloud based product such as Office 365) but you’re not sure what phone to use.

The simple answer is that if you have access to an Exchange server, then just about any of the modern smartphones will do. With such a growing marketplace, manufacturers are coming up with a whole host of new gismos and gadgets to make calls and collect emails so here’s a look at the main options.

Windows Mobile

The latest version of Windows Mobile is v7.5 as used on the Nokia Lumia 800.  Now I’m a bit biased because I own one of these phones and having a Microsoft OS and Microsoft applications accessing a Microsoft server seems like a no-brainer for me.  The OS is pretty sharp, quick to boot, easy to navigate, simple to upgrade (which you’ll have to do as soon as you get it) and is a stylish mobile with a good sized screen.  That being said, it’s also got its negatives.

Setting it up to access Exchange is really easy, you just need to know the name of your OWA (Outlook Web Access) server (the external one), your username and password.  If you have a trusted SSL certificate installed, this secures the data being transferred between your phone and the server, and is highly recommended.  If you don’t have one, trusted SSL certificates can be purchased for as little as £15 per year, and take about 5 minutes of work and a bit of hanging around waiting for the certificate to come through.

Once configured you have access to all the features of Outlook, including Contacts, Mail, and Calendar.  Sync scheduling is flexible, with anything from real-time to manually check available.

Pros

Microsoft OS accessing Microsoft Servers using Microsoft Apps.  It’s simple, straightforward and works straight from the box.

Good stable OS with more apps being developed every day, watch out Apple.

Intuitive user interface, easy to use, navigate and change.

Cons

Battery life is a day if you’re lucky, 12 hours should be expected if sync takes place every 15 minutes, less battery if real-time sync is used.

Minimal hardware available, Nokia is leading the way on these, with most manufacturers sticking with Android until the OS is proven.

Apple iPhone

The Apple iPhone is the leader of the smartphone revolution. While Nokia were pushing out E51s and N73s, Apple was reinventing the wheel and have done a really great job of it. The phone is not just a phone, it’s your MP3 player, your email device, your sat nav and a whole host of other things rolled into one pocket sized device. They don’t really work on the principle of what works, they work on the principle of what would be cool to do on a phone, and then make it happen.

For Exchange, iPhones work OK. It sometimes whinges about certificates and only likes connecting using an external IP address, but it works.  The setup is straightforward, you again need the server address (the external IP is probably the only way it will work though), a username, password and domain. Sync options are similar to that of the Windows Mobile, and the battery lasts about the same (unless you’re playing Angry Birds and killing your battery all day).  It works using ActiveSync (which is a Microsoft product anyway) and can synchronise Mail, Contacts and Calendar items.

The phone looks great, is easy to use, has a good enough screen and is the cool kids choice of smartphone.

Pros

Uses a Microsoft Application to connect to a Microsoft Server, and it works really well.

Market leading product with developers around the world scrambling to make additional apps for people to use.  It will only get better.

Easy to use, integrates with other Apple devices really well, common user interface, and it’s pretty stable.

Cons

Battery life is OK, although as soon as you start using it, that can change rapidly.  Expensive tariffs due to hardware costs.

Android

Android is a Linux based operating system developed by the Open Handset Alliance which is led by Google.  The OS is open source, so basically anyone can use it, and is currently on version 4.0, lovingly referred to as Ice Cream Sandwich.  The OS is constantly evolving with new features being added every few months. Android is currently the market leader in smartphones with over 200m phones purchased up to Nov 2011 and with manufacturers such as Samsung, Motorola, HTC, Sony Ericsson and LG onboard it will go from strength to strength.

Again Android uses ActiveSync, although Motorola have played around with it a bit and it doesn’t offer full functionality as we know it, but it works quite nicely.  Setup is the same as with the iPhone, although Android tends to work on both the name of the server and the IP address, which is a bonus.  It can synchronise Mail, Contacts and Calendar and all in all is a pretty useful OS given that it’s essentially free.

The phones come in all shapes and sizes, so you can go for a phone which has a great camera, or plays games really well, or even works as a brilliant MP3 player.  The choice of Android phones is what sets them apart from the limited Windows Mobile 7.5 offering and the iPhone, which is the same as any other iPhone.

Pros

Uses a Microsoft Application to connect to a Microsoft Server, and it works really well.

Many different ideas for development coming from many different sources, they haven’t become stale since becoming market leading.

Loads of different manufacturers, styles and types of phone to choose from, most with really good batteries too.

Cons

There aren’t really any.

Blackberry

Blackberry are the smartphone solution from Research in Motion (RiM) who first developed the product in 1999 so in real terms they were many years ahead of the game for smartphones for email. Their phones have developed quite considerably over the years, but with the emphasis on having the ability to email from them, so qwerty keyboards have been a feature on most of their devices.  The phone actually connects to a Blackberry server rather than direct to the Exchange server so the synchronisation is performed initially between 2 servers, and then between the device and the Blackberry server.  None of the technology is Microsoft, so if you’re not a fan of everything Bill Gates, then this could be the solution for you (although you’ve got an Exchange server???)

The BES or BES Express server should ideally not be on the Exchange server.  I’ve been running them since 2001 and keeping the 2 things completely separate from each other is the best solution.  The BES server integrates with Exchange by creating a domain user account and giving various permissions to access the mailboxes of the users with Blackberrys; the server can then push new emails from the server to the device, and can pull emails from the device and send them via the server.

This is all set up through an admin console on the BES server, and held within a SQL database, and yes it can be that complicated.  However there are some good points to all the rigmarole of setting the system up.  Ever had someone who lost their phone?  Well with BES you can disconnect it if someone reports one lost or stolen.  This is the best feature they offer and is a real winner with businesses who are concerned with data that could be held on phones.  No waiting to get through to a call centre, just log onto the server and disconnect the device…simple.

Pros

Security.  It’s market leading, and with BBM included, even Governments can’t crack your messages.

User friendly devices, they are designed for email not applications to tell you how many calories are in a Pepperami, so your people should use them properly.

Cons

You need an IT guy to set it up, maintain it and patch it when a vulnerability is recognised, as there are some nasty people out there trying to crash BES servers.

Additional hardware requirements, I would never recommend having BES Express on an SBS server.  Personal preference, but when you have 10 admin apps, SharePoint, OWA, WSUS etc. on the same box, something will eventually stop working, and it’s not easy to fix if the IIS ports are all screwed.

Limited flexibility, what you see is what you get.  If you want it to do something else you need to speak to RiM as there aren’t many Blackberry developers out there compared to every other smartphone OS.

An Honourable Mention – webOS

Palm developed a new operating system for smartphones and tablets called webOS which was based on Linux and replaced their Palm OS which featured on phones such as the Palm Treo.  webOS was launched on the Palm Pre in 2009 and despite a big advertising campaign, never really took off.  The Pre was an ingenious slide phone with full qwerty keyboard and offered the best Exchange functionality that I’ve seen in a smartphone.  Each phone was registered with Palm at setup, and regular backups to the account occurred so if the phone was wiped for any reason, you could restore everything right back.

Unfortunately HP purchased Palm in April 2010 so they could develop webOS for themselves, and within a year or so the decision to stop manufacturing smartphones and tablets was taken.  The final smartphone released was the Palm Pre 3, which was launched on 17th Aug 2011.  HP made the decision to stop developing webOS devices on 18th Aug 2011.

If the Palm Pre was still available, it would be top of the list.  Having used one since launch it was a great phone that interacted with Exchange easily, with a reliable backup solution built in, loads of apps and smaller than all the others.


Bypassing Exchange Anti-spam

We’ve had a number of calls over the last few days about Exchange 2007 and Exchange 2010 anti-spam filtering stopping things that it shouldn’t.

It’s great that the filtering is working and stopping things that shouldn’t come through, but what happens when that important email gets blocked, and how can you tell that it’s Exchange that’s done it?

Well the first thing to do is check the undeliverable report. If it looks like the example below, Exchange is probably the cause.

server.yourdomain.co.uk #<server.yourdomain.co.uk #5.7.1 smtp; 550 5.7.1 Message rejected as spam by Content Filtering.> #SMTP#

So how do you allow these people to send?

There are a couple of options available, and they are all within the Exchange Management Shell. Open it as Administrator and use the following commands to amend the anti-spam whitelists.

To allow a domain:

Set-ContentFilterConfig -BypassedSenderDomains thedomainname.com

To add more than one domain, put a comma between the domains.

To allow an email address:

Set-ContentFilterConfig -BypassedSenders email@thedomainname.com

Again, to add more than one, put a comma between the email addresses.

Although this is a great tool, use it sparingly. Bypassing anti-spam does exactly as it says, it stops messages from those domains from being scanned for spam, so if you get inundated, it may be worth only allowing single email addresses.
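One caveat with the commands above: passing a plain value to -BypassedSenderDomains or -BypassedSenders replaces the whole existing list, so entries added earlier are lost unless you include them again. The added example below (not part of the original post) merges new entries into the current list, rejects malformed ones and shows the result for review. Merge-BypassList is a hypothetical helper and the sample lists are constructed.

```powershell
# Added example, not from the original post. Merge-BypassList is a hypothetical
# helper; the sample lists are constructed. Written to run on PowerShell 2.0.
function Merge-BypassList {
    param(
        [string[]]$Existing = @(),
        [Parameter(Mandatory = $true)][string[]]$ToAdd,
        [ValidateSet('Domain', 'Address')][string]$Kind = 'Domain'
    )
    $domainRx = '([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}'
    if ($Kind -eq 'Domain') { $pattern = '^' + $domainRx + '$' }
    else                    { $pattern = '^[^@\s,]+@' + $domainRx + '$' }

    # Start from what is already whitelisted so nothing is silently dropped.
    $merged = @(@($Existing) | Where-Object { $_ } | ForEach-Object { "$_".Trim().ToLower() })
    $added = @(); $rejected = @()
    foreach ($entry in $ToAdd) {
        $e = "$entry".Trim().ToLower()
        if ($e -notmatch $pattern)       { $rejected += $entry }   # typo, wildcard or wrong kind
        elseif ($merged -notcontains $e) { $merged += $e; $added += $e }
    }
    New-Object PSObject -Property @{ Merged = $merged; Added = $added; Rejected = $rejected }
}

# Constructed sample: entries already on the server, then a new request
# containing one new domain, one duplicate and one malformed value.
$current = @('supplier-one.example', 'partner.example')
$request = @('thedomainname.com', 'Partner.example', 'not a domain')
Merge-BypassList -Existing $current -ToAdd $request | Format-List Merged, Added, Rejected

# Only inside the Exchange Management Shell: merge into the live list.
if (Get-Command Get-ContentFilterConfig -ErrorAction SilentlyContinue) {
    $live = @((Get-ContentFilterConfig).BypassedSenderDomains | ForEach-Object { "$_" })
    $new  = Merge-BypassList -Existing $live -ToAdd 'thedomainname.com'
    # -WhatIf only previews the change; remove it to write the full merged list.
    if ($new.Added) { Set-ContentFilterConfig -BypassedSenderDomains $new.Merged -WhatIf }
    (Get-ContentFilterConfig).BypassedSenderDomains   # review what is whitelisted
}
```

Use -Kind Address with (Get-ContentFilterConfig).BypassedSenders and Set-ContentFilterConfig -BypassedSenders to handle single email addresses the same way.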


Small Business Server – How to configure for multiple companies

For many small businesses, the Microsoft Small Business Server is the infrastructure operating system of choice.

But what happens if you have a new idea and want to start using a different domain to start sending and receiving emails, or even set up a new company but don’t have the financial resources to buy a second server, external IP address and the necessary firewall / router to be able to direct the traffic within your network?

Well SBS 2008 and 2011 actually come with the tools already installed. It’s just learning how to configure them to make it possible.

For those companies who want to share resources, you can add different login domains for staff, as well as manage multiple company email addresses through a single Exchange 2007 / 2010 server.

The basics are quite straightforward.

To add multiple login domains, open Active Directory Domains and Trusts. On the top level (with Active Directory Domains and Trusts highlighted) click Action and Properties. This brings up the UPN Suffixes Window.

In “Alternative UPN suffixes” add the additional domain names as you want people to log in e.g. new-company.com and click Add. Once you have added all the domains click OK to close.

To add the domains into Exchange 2007 / 2010, open the Exchange Management Console and expand Organization Configuration.

Highlight Hub Transport on the left hand window so the properties appear in the main window.

Click on the Accepted Domains Tab which will display the current domains that will be accepted by the server.

To add a new domain, in the right hand pane click “New Accepted Domain” to start the wizard.

With the wizard you can easily set up a new domain. I tend to keep things simple so in the Name field, type the domain name you want to add e.g. new-company.com

In Accepted Domain type the domain name again e.g. new-company.com

Ensure Authoritative Domain is the selected radio button

Click New….The domain will then be added as an accepted domain

To make things nice and easy when it comes to setting up the users, create a new E-mail Address Policy. To do this, on the right hand pane click New E-mail Address Policy to start the wizard.

Type a name that makes it easily recognised such as the domain name. If you only want to apply this to users, change the radio button to “The following specific types” and tick “Users with Exchange mailboxes”. Click Next.

In Conditions, I’ve found that it’s easier to select a Department or Company. Select the box and under step 2, click on “specified”, type the Department or Company name, click Add and then OK.

Click Next

On E-mail Addresses click Add then select the template you want to use, e.g. First name. last name.

Select the accepted domain for e-mail address radio button and click the browse button. This will bring up a list of Accepted Domains, and select the one you created earlier. Click OK.

Click Next

Select when you want to apply the policy. Immediate is the default selection, then click Next.

A summary sheet then appears with the details. If you are happy, click New to create the policy.

That’s all there is to it

You should then set up different shared folders for each of the companies (if necessary), use NTFS permissions to control access, and login scripts to make accessing the information easier for individual users.
