Fixing "Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server." on Outlook Mobile Access under Server 2003

19. September 2008

So I was testing the configuration on my Exchange 2003 server in preparation for the roll out of some Windows Mobile devices when I received the following error:

Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.

"That's odd", I thought, "I only have Exchange Server 2003 in my organisation, how can I have an older version of Exchange?" It turns out that this has nothing to do with the version of Exchange you are using. I have set up my Exchange OWA to require SSL (see previous article on SSL and Integrated Authentication) and apparently this can cause issues for OMA.

The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual directories cannot access the contents of the user's mailbox if the Exchange virtual directory is configured to require SSL. The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual directories only try to connect with the Exchange virtual directory over TCP port 80 (HTTP), not over TCP Port 443 (HTTPS).

To resolve this, you need to follow these steps from MSKB 817379:

1. Open Exchange Manager.
2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
6. Close Exchange Manager.
7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Additionally, you must use Internet Information Services (IIS) Manager to create a new virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

1. Start Internet Information Services (IIS) Manager.
2. Locate the Exchange virtual directory. The default location is as follows:
Web Sites\Default Web Site\Exchange
3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7. Under Select a configuration to import, click Exchange, and then click OK.

A dialog box will appear that states that the "virtual directory already exists."
8. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10. Click the Directory Security tab.
11. Under Authentication and access control, click Edit.
12. Make sure that only the following authentication methods are enabled, and then click OK:
Integrated Windows authentication
Basic authentication
13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
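14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK. With Denied access selected, all computers are denied except those in the list, so only the server itself can reach this directory.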
15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16. Click OK, and then close the IIS Manager.
17. Click Start, click Run, type regedit, and then click OK.
18. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
19. Right-click Parameters, point to New, and then click String Value.
20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22. Quit Registry Editor.
23. Restart the IIS Admin service. To do this, follow these steps:
a. Click Start, click Run, type services.msc, and then click OK.
b. In the list of services, right-click IIS Admin service, and then click Restart.
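
A check for steps 17 to 21, added here as an example and not part of the KB article or the original post: it confirms that the value name is ExchangeVDir with exact casing, that it is a string value, and that it holds the expected virtual directory path. The function name Test-OmaExchangeVDir is hypothetical, and the script assumes PowerShell is installed on the Exchange server.

```powershell
# Added example (not from MSKB 817379): verify the ExchangeVDir registry value.
function Test-OmaExchangeVDir {
    param([string]$Expected = '/exchange-oma')   # example alias from step 8

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
    if (-not (Test-Path $path)) { return "FAIL: $path not found" }

    $key = Get-Item $path    # Microsoft.Win32.RegistryKey

    # Regedit accepts any casing, so find the value case-insensitively
    # and then compare the stored name case-sensitively.
    $name = $key.GetValueNames() | Where-Object { $_ -ieq 'ExchangeVDir' }
    if (-not $name) { return 'FAIL: ExchangeVDir value is missing' }
    if ($name -cne 'ExchangeVDir') {
        return "FAIL: value name is '$name', expected 'ExchangeVDir'"
    }

    # Step 19 creates a String Value (REG_SZ); any other type is a mistake.
    if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::String) {
        return 'FAIL: ExchangeVDir must be a String Value (REG_SZ)'
    }

    $data = $key.GetValue($name)
    if ($data -ne $Expected) {
        return "FAIL: data is '$data', expected '$Expected'"
    }
    return "OK: ExchangeVDir = $data"
}

Test-OmaExchangeVDir
```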


Exchange 2003 Email Size Delivery Restrictions...how confusing can it be?

24. July 2008

I thought this would be fairly common knowledge by now, Exchange 2003 being quite mature in its 5th year, but it's not something I've had a problem with before and therefore I'm going to write about it!

So a big email comes in; let's say it's 8MB. Your Exchange 2003 server, set to its defaults for size restrictions, rejects the email. Why? Take a look at this Exchange TechNet article:

When the 8MB message crossed the routing group boundary through SMTP and arrived at the destination server, it was approximately 33 percent larger than the original message because of the inter-routing group SMTP increase...The final message had a content size equal to 11,594,558 (11 MB), and the message exceeded the 10-MB Global Limit, thus returning the 5.2.3 delivery status notification.

Petri.co.il elaborates:

Please keep in mind that message send [sic] through SMTP could grow about 10-20 percent because of format conversion (MIME and UUEncode)

For a standard Exchange Server installation, this is how the process of checking the email size goes (see the diagram below for full details):

  1. Does the email exceed Global Max submission content length?
  2. Does the email exceed the per-user Max Delivery Length for the recipient?
  3. If the email is not delivered locally, does the email exceed the Virtual Server SMTP limit?
  4. If the email is not delivered locally, does the email exceed the Connector limit?

Exchange Size Flow Chart
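
The check order above as an added example, not taken from the TechNet or Petri articles: the function applies the SMTP size growth first and then walks the limits in the listed order, reporting the first one that rejects the message. The function name, the limit key names, the byte units and the treatment of a missing key as "no limit" are assumptions of this model; the default growth factor is the approximate 33 percent from the TechNet quote.

```powershell
# Added example: walks the four size checks in the order listed above.
# Limits are in bytes; a missing key means "no limit" (assumption of this model).
function Test-MessageSizeLimits {
    param(
        [long]$OriginalBytes,
        [hashtable]$Limits,
        [bool]$DeliveredLocally = $true,
        [double]$Growth = 1.33      # ~33 percent SMTP growth quoted from TechNet
    )

    # Size as seen by the receiving server after format conversion.
    $size = [long][math]::Ceiling($OriginalBytes * $Growth)

    # Checks 1 and 2 always apply; 3 and 4 only when delivery is not local.
    $order = @('Global', 'Recipient')
    if (-not $DeliveredLocally) { $order += 'VirtualServer', 'Connector' }

    foreach ($name in $order) {
        $limit = $Limits[$name]
        if ($limit -and $size -gt $limit) {
            return "Rejected by $name limit: $size bytes > $limit bytes"
        }
    }
    return "Accepted: $size bytes passed $($order -join ', ')"
}

# Constructed sample values: 10 MB global limit as in the quote, others invented.
$limits = @{ Global = 10MB; Recipient = 20MB; VirtualServer = 20MB; Connector = 20MB }

Test-MessageSizeLimits -OriginalBytes 8MB -Limits $limits
Test-MessageSizeLimits -OriginalBytes 7MB -Limits $limits -DeliveredLocally $false
```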

I won't elaborate on the places you can set the size restrictions, other than to reprint Petri.co.il's list and point you to the full article.

You can set message limits at the following objects:

  • Global settings
  • System Policy
  • Individual mailbox
  • Individual message limit
  • Distribution list
  • Public folder
  • Connector
  • Virtual SMTP Server


Create a 100MB file for testing transfer speeds

18. July 2008

We have a Bonded ADSL solution for our servers to provide the necessary upstream transfer speeds for the applications we host. We have bonded ADSL because our exchange still doesn't support SDSL, and a leased line is overkill. Theoretically, we should have 28.1 Mbps download and 3.2 Mbps upload - what I am actually seeing is about 1.7 Mbps down and 1.9 Mbps up. I have tested this on various servers, over various times and file sizes; there is no doubt that the performance is POOR.

Anyway, on to my point. I wanted to create a file that was exactly 100MB to test transfer speeds. Windows XP, Vista, 2003 and 2008 all have a command line utility called FSUTIL.exe which has a subset of commands to manipulate files, with which you can create a file that is exactly 100MB...like so:

FSUTIL FILE CREATENEW 100MBTest.mdb 104857600

Usage: FSUTIL FILE CREATENEW [Filename] [Size in bytes]

 Nice!


Outlook Web Access over SSL using Forms Based Authentication AND Integrated Authentication

16. July 2008

Outlook Web Access is a fantastic tool for our company, providing on-the-go access to people's mailboxes - which is of course secured by SSL and uses Forms Based Authentication. Internally, we have an intranet portal that allows us to access the various systems - one of which is OWA. One of the stipulations for this internal portal is that it is all Single Sign On using NTLM authentication - integrated authentication. This is where the problem lies because enabling OWA with Forms Based Authentication over SSL disables Integrated Authentication. So our choice is to have users enter their credentials twice (not acceptable) or to disable FBA and have external users log on with the annoying pop-up.

OR...

You can create a copy of the /Exchange and /Public Virtual Directories and configure them to use Integrated Authentication. You can also restrict access to them by IP...here's how:

I'm assuming you've already set up OWA with SSL on your Exchange server. If you need to do that, try "How do I configure OWA to use SSL?" at Daniel Petri's site.

  1. Log onto your Exchange Server, and open up the IIS control panel. Locate your /Exchange and /Public virtual directories.
  2. Right click /Exchange, select "All Tasks" and then "Save Configuration to a File..."
    Figure 1
  3. Go through the dialogue, save to a file and if you're worried about security, add a password.
  4. Once you're done, right click any white space in the root web site (or the exchange web site) and select "New", then select "Virtual Directory (from file)..."
    Figure 2
  5. You will be presented with the "Import Configuration" dialogue, click "Browse..." and select the file you've just created. Click "Read File" and select the Exchange location underneath.
    Figure 3
  6. Click "OK" and you'll be asked to provide a new name, or replace the existing Virtual Directory - select create a new one and put an appropriate name (I used ExchangeIA).
    Figure 4
  7. Now, this step is optional, but read on anyway because you might want to think about it. I only want to allow people on my network to access this using Integrated Authentication, no one else, so I am going to restrict access to the Virtual Directory that I've just created to my IP subnet. To do this right click the newly created Virtual Directory (ExchangeIA) and select the "Directory Security" tab. Under "IP address and domain name restrictions" click "Edit". Now select "Denied access" to deny anyone other than the exceptions, then click "Add..." and enter the details of your network to allow those computers access.
    Figure 5
  8. Now head back to step 1 and repeat for the /Public folder, if Integrated Authentication is required for Public Folders.


Exchange 2007 and Outlook 2007 remove categories from emails, tasks, calendar etc.

22. May 2008

It seems that the nice people at Microsoft were looking out for us, lest the evil people in the world see how we categorise our email, and decided to strip away any category information from sent and received objects by default. Sure, I understand if you were categorising emails from someone as "sneaky git" or "numbnuts" then you might not be too happy about sending those out...but really it should be your choice right?

Did you know, for example, that in your Outlook 2007 rules there is a sneaky little enabled-by-default rule that clears the categories?

DefaultRuleOL2007

Removing that is an obvious first step!

The next step involves editing the registry, so make sure you know what you are doing before editing, and always back the registry up first.

There are also some registry values you'll need to add, so open up Regedit and in HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Preferences, create DWORD values SendPersonalCategories and AcceptCategories, each set to 1. You'll need to restart Outlook for them to apply.

Finally, as per this TechNet article, log on to your Exchange server as an Exchange Organisation Administrator and run the following command in the Exchange Management Shell:

Set-TransportConfig -ClearCategories $False

You should be able to send and receive emails, appointments, tasks and any other Exchange object that supports categories, complete with category intact.
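
The registry step above as a script, added here as an example and not part of the original post or the TechNet article: it creates the policy key if it is missing, sets both DWORD values and reads them back. The transport check at the end only runs where the Exchange cmdlet is available; the variable names are this example's own.

```powershell
# Added example: apply and verify the two Outlook 2007 values named above.
# Run as the affected user, because the key lives under HKCU.
$key   = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Outlook\Preferences'
$names = 'SendPersonalCategories', 'AcceptCategories'

# Create the key (and any missing parents) if it does not exist yet.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# -Force overwrites an existing value, so the script can be re-run safely.
foreach ($name in $names) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
}

# Read the values back so a wrong path or type shows up immediately.
$props = Get-ItemProperty -Path $key
foreach ($name in $names) {
    '{0} = {1}' -f $name, $props.$name
}

# In the Exchange Management Shell, confirm the transport setting too.
if (Get-Command Get-TransportConfig -ErrorAction SilentlyContinue) {
    Get-TransportConfig | Format-List ClearCategories
}
```

Outlook still needs a restart before it picks up the new values.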
