Microsoft and IT consulting company Unisys are offering a free demo of Exchange Server 2007. This is well worth it to evaluate the big changes and some improvements in this new version of Exchange and Outlook Web Access (OWA).

The trial is only 5 days long, but all that’s required to create a trial account is a name and a valid email address. The trial accounts create an account populated with sample messages, calendar items, and voice mail; you’re allowed to send and receive mail, schedule meetings, and adjust your own account’s settings while connecting via Outlook, OWA, or any Exchange Active-Sync app.

Article tagged: Microsoft, Exchange, 2007, Exchange+2007, server, exchange+server, free, trial, demo, account, OWA, Outlook

Seen any “Delivery Status Notification” messages lately? With many companies (especially AOL, GMail, and Yahoo) upgrading mail servers or updating their spam filters frequently we’ve seen a big increase in how many outgoing emails are returned to us. Still, it could be your own SMTP, DNS, or anti-spam settings that are causing the problem. To be sure, check the retrun and ESMTP status codes that are in the top few lines of the returned message.

Here’s and example: PERM_FAILURE: SMTP Error (state 8 ): 554 5.1.0 Sender Denied

In this case it’s easy to see that the message was returned because of an SMTP error. The “Sender Denied” comment on the end means it’s probably because the sending mail server was blacklisted by a spam filter. In most cases it’s not that clear and you need to use the status codes to figure out what happened. The status code in this message is the “554 5.1.0″ part. The format is always *** x.x.x, with the x.x.x part being a return code and the *** being an ESMTP status code. A chart of their meanings is below:

x.x.x, Server Return Codes:
The first value indicates the status of the communication between the sender and recipient server. Possible values are:

• 1 - Server accepted the command, but no action taken. Confirmation message is required.
• 2 - Server successfully completed the task.
• 3 - Server understood the request. More information is required to complete.
• 4 - Server encountered a temporary failure on that request. The command may complete if it’s repeated.
• 5 - Server encountered an error.

The second value is an extra level of detail, which indicates the type of error or communication:

• 0 - Syntax error has occured.
• 1 - Message is an informational reply.
• 2 - Message refers to the connection status.
• 3 - Unspecified, may be used for custom messages.
• 4 - Unspecified, may be used for custom messages.
• 5 - Status message refers to the entire mail system or server.

***, ESMTP Status Codes:
In the event of a failure ESMTP codes can indicate even more detail than server return codes. They can indicate status of either the recipient mail server or your local mail server in response to a problem with your mail client. Possible values are:

• 211 - System status message.
• 214 - Help message formatted for human reader follows.
• 220 - SMTP service ready.
• 221 - Service/connection closing.
• 250 - Successful request. Action completed.
• 251 - Recipient is not local to the server, but the server will accept and forward the message.
• 252 - Recipient can’t be verified, but the server will accept the message and attempt delivery.
• 354 - Start message input now, end with <crlf>.</crlf>. Indicates the server is ready to accept a message once you’ve given it From: and To: information
• 421 - Service is not available and connection will be closed.
• 450 - Requested command failed because the recipient’s mailbox is unavailable.
• 451 - Command has been aborted due to a server error. Possibly notify your SysAdmin.
• 452 - Command has been aborted because the server has insufficient system storage.
• 500 - Server could not recognize the command was due to a syntax error. (usually due to mail client error)
• 501 - Syntax error was found in command arguments. (usually due to mail client error)
• 502 - Command was not implemented. (usually due to mail client error)
• 503 - Server has encounterd a bad command or sequence of commands. (usually due to mail client error)
• 504 - Command parameter is not implemented. (usually due to mail client error)
• 550 - Command failed because the user’s mailbox was unavailable (or you did not have permissions to send to this mailbox)
• 551 - Recipient is not local to the server. Server responds with a fowarding address that should be tried.
• 552 - Action was aborted because storage allocation was exceeded.
• 553 - Action was aborted because the mailbox name was invalid.
• 554 - Transaction failed, without a clear reason.

Two new updates for Microsoft Outlook and one of them is a pretty important security patch.

The security patch fixes another “remote code execution” hole that allows a special form of file attachment to run itself from inside Outlook. Rather than rehash the technical details I’ll comment that this is a bigger problem than normal because it applies to all versions of Outlook 2000, XP, and 2003 plus it also occurs on Exchange server 5, 5.5, and 2000 SP3. Microsoft calls it MS06-003 - the link contains download details for each version of the security patch.

Of less importance but higher visibility, the Outlook Junk E-Mail filter has been updated again. No major reduction in junk mail or change in Outlook’s behaviors from this update (from Dec. 13th, 2005 - so I am a bit late in installing), but they’re worth installing. Even though I can think of more important things for my staff to work on, it always seems to calm users down a bit to see that IT is getting the “latest junk mail filters” installed.

Microsoft Outlook PM’s: I know that out of office responses are handled server-side, so the Outlook Junk mail filter will never help to keep responses from being sent to junk mail too. We can’t turn off sending out of office resonses off-site either - out clients are the only ones who matter when we’re sending those. Is there any chance you could update the Outlook Junk E-Mail filter so that undeliverable out-of-office responses can be matched to the original incoming message - and sent to Junk E-Mail? (…and to whomever runs the MSDN Blogs - there’s no good heirarchy or directory. Your own search function returns poor (and dated) results. Of course, even Google’s Blogsearch returns results almost entirely on keyword content and not on who is a member of what team or by topic.)

Article tagged: Microsoft, Outlook, security, patch, TNEF, MIME, decoding, vulnerability, junk, email, e-mail, filter, update

It is possible to create a situation where someone sending a meeting request will receive a “Message not delivered” response from a user who was not originally invited to the meeting. This is an uncommon message to receive because meeting requests and the use of delegates are relatively uncommon.

Specifically, this occurs when the user sending the meeting request receives a “5.1.1″ non-delivery report from the Exchange Server because a user was deleted from Active Directory and was an email delegate of an original meeting invitee. Exchange stores delegates in the message store instead of in Active Directory, so those references aren’t removed when the delegated user is deleted from Active Directory. Microsoft KB article #312433 describes how to remove an orphaned delegate directly from the Exchange information store - two resolutions are detailed, the second uses Microsoft’s MAPI message store viewer Mdbvu32.exe to edit the message store, Mdbvu32.exe can be downloaded here.

Our network runs Exchange 2003 with SP2, the application-level firewall ISA 2000, and now Windows Mobile 5 devices (which I’m not happy about) trying to connect via the new TCP/IP Activesync 4. The ISA server passes Activesync 4 traffic to those shiny, new Windows Mobile 5 devices (I could see the traffic), but it filters the content and is keeping Exchange SP2 policies from being applied. I understand ISA 2004 doesn’t have this problem, but an upgrade to ISA 2004 isn’t in the budget.

There is a fix in Microsoft’s Knowledge Base, but it references only ISA 2000 and not Exchange SP2, Windows Mobile 5, or Activesync 4. I found it via Neil Chapman’s article Exchange SP2 and feature pack issue with ISA 2000, which says:

If you use ISA 2000 to reverse proxy your Activesync requests, I’ve come across an issue where the Exchange server cannot apply the new policies to a WM5 MSFP device.

Basically, the ISA 2002 firewall server filters the Activesync headers and doesn’t forward all necessary data to the mobile device. The fix for ISA 2000 requires BOTH the latest ISA service pack and a registry change to allow all the communcations options to be passed via Activesync:

Once the ISA 2000 Service Pack is installed, set the registry key DWORD HKLM\System\CurrentControlSet\Services\W3Proxy\Parameters\PassOPTIONSToPublishedServer - Data value to 1, and reboot the ISA server.

Then all those nice Exchange SP2 policies for mobile devices will be applied correctly.

Article tagged: Exchange, server, 2003, SP2, bug, fix, Windows, Mobile, ISA, 2000, activesync, headers, forward, firewall

Are emails sent from a Smartphone taking several days to be delivered?

Several settings need to be just right - but it’s an Exchange 2003 error and not a Smartphone problem. An email sent from a Smartphone and addressed to a domain outside the organization via Exchange 2003, with an SMTP connector configured to send SMTP messages to an external domain, will delay a message without Enter pressed at the end.

Microsoft has a patch for Exchange 2003 to correctly recognize the end of these messages and correct the delays.

The Exchange SP2 became available for download yesterday. Even though Exchange 2003 has been very stable for us, SP2 is already installed on the test server here and I’ve been doing some reading to determine how soon we’ll need to install it. The biggest positive I’ve found yet is the increase in the mail database limit to 75GB on the Standard version of Exchange 2003. This is a much-needed increase, and the only reason we’re running Exchange’s expensive Enterprise version is our need to accomodate huge attachements from cour clients. I also have a personal client in television-services who will be thrilled to know their four users can now store video clips in exchange, instead of constantly archiving to one big folder on the network.

The 75GB database limit isn’t set automatically when SP2 is installed. After all, 75GB exceeds a lot of expectations of the Exchange server and the disk space on most older servers. Since so few admins read the documentation, they might miss this change and lock up their servers. The registry change below, originally explained by The Lazyadmin.com can be set to any value between 1 and 75, the maximum size of the Exchange database in GB’s. By default Exchange 2003 SP2 pushes the default database size to about 18GB, which is the original 16GB maximum plus a 10% over-limit buffer to keep mail coming in while Exchange floods the system with alerts about the database size.

To expand the Exchange database, or set a limit between 1 & 75GB:

1. Open regedit and navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\SERVER_NAME\Private-STORE_GUID. To change the Public store limit, navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\SERVER_NAME\Public-STORE_GUID.
2. In the event your Exchange server has more than one private or public store the GUID of each store can be found by running ADSIEDIT.msc and navigating to:
   

   CN=MAILBOX_STORE_NAME (SERVER_NAME),CN=STORAGE_GROUP_NAME,CN=InformationStore,CN=SERVER_NAME,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Organization name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

   SERVER_NAME, STORAGE_GROUP_NAME, and MAILBOX_STORE_NAME reflect the mail store to be changed. Then take note of the objectGUID:… value for that mail store.

3. Create a new REG_DWORD value in the registry key for the correct GUID. Name it “Database Size Limit in Gb” and set the value from 1 to 75.
4. Assuming you are newly setting the “Database Size Limit in Gb” value, it will be detected at the next size check. Reboot the Information Store service for immediate recognition.

By setting the “Database Size Limit in Gb” key the mailbox store will not exceed that value. When the mail store reaches 90% off that value, a default 10% buffer is allowed, it will begin to log event ID #9689 to notify you that the store limit has been reached. Once the mail store does reach the maximum limit the first size check, which happens every 24 hours at 5am, will not take the database offline. The second size check will dismount the store that exceeds the limit.

Both the % of the mail store used as a buffer and the time of the database size check can be changed within the same GUID registry key referenced above. To set either, create a REG_DWORD value named “Database Size Buffer in Percentage” or “Database Size Check Start Time in Hours From Midnight”. Set their values from 1 to 100 or 0 to 23 to change, respectively, the buffer % or the offset from midnight for the size check.

The Exchange 2003 Enterprise information store can also be limitted by the “Database Size Limit in Gb” key. The valid range of values is 1 to 8000. If the key is not set, the default value is 8000GB.

It still amazes me that the Exchange System Manager doesn’t have settings for either “max. database size” or “min. disk space remaining on server”. Isn’t that the whole point of Exchange? …that it’s faster and easier to run because it doesn’t require the amount of experience and forethought that Postfix does.

Update: This same registry tweak is also supported on Windows Small Business Server 2003 (SBS). See the comments below for a link the the SBS 2003 FAQ.