Tuesday, July 30, 2013

Update to Exchange 2013 CU2

Microsoft has released an update to Exchange 2013 CU2 that fixes an issue with public folder permissions.  Check the build number if you have recently deployed.  The build number for the new release should be 712.24.  See Microsoft KB2859928 for more information.

Thursday, July 25, 2013

ResolveP2 headers in Exchange 2010 and 2013

Exchange 5.5, 2000, and 2003 had a feature called ResolveP2 headers.  Essentially, it allowed Exchange to accept an inbound message, inspect the sender's SMTP address (or other type of address back in the olden days) and if the address was associated with an object in the Global Address List / Active Directory, then replace the sender's address with the name from the GAL.

For example, if the email was sent from snuffy@volcanosurf.com, but you had a mail-enabled contact or mail-enabled user in GAL with that SMTP address, it would resolve the name and the From would instead say "Snuffy Smith" or whatever the display name was.   You can read more about this feature from the olden days in this blog by David Lemson: 
ResolveP2, RerouteViaStore, and its equivalent in Exchange 2003

This feature was turned off by default to keep spammers from sending "reputable" looking mail by trying to make a message look like it came from a valid internal sender.

Recently, we were trying to figure out how to turn this back on due to an ongoing migration.  We needed the senders in DomainX to be resolved properly to GAL objects when they sent to DomainY.

The ResolveP2 feature does not exist in Exchange 2010 (and 2013).  Exchange will only resolve the sender's address to a GAL object if the message comes from an authenticated or trusted source.

You can duplicate this functionality in Exchange 2010 / 2013 with a receive connector that is configured to allow relay and whose Authentication properties include the "Externally Secured" property.

Bharat Suneja has an excellent article on how to do this.
How To Allow Relaying in Exchange 2010 and Exchange 2007 

Once you have set up the relay receive connector, add the sending system's IP addresses to the authorized source IP addresses.

Take care with this feature because you can inadvertently allow people to relay through your system which will inevitably add you to block lists, get you in trouble with your ISP, and bring about plague-o-locust across the land.  Anyone that sends through this particular receive connector will have these rights:

ms-Exch-SMTP-Accept-Authoritative-Domain
ms-Exch-Bypass-Anti-Spam
ms-Exch-Bypass-Message-Size-Limit
ms-Exch-SMTP-Accept-Exch50
ms-Exch-Accept-Headers-Routing
ms-Exch-SMTP-Submit
ms-Exch-SMTP-Accept-Any-Recipient
ms-Exch-SMTP-Accept-Authentication-Flag
ms-Exch-SMTP-Accept-Any-Sender
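
Because every address in the connector's source IP list receives the rights above, it is worth checking how wide those lists are. The following is an added example, not code from the original post or from the linked article: it reports receive connectors that use Externally Secured authentication and flags large source ranges. The function names, the 16-address threshold and the sample connectors are assumptions made for illustration.

```powershell
# Added example: flag Externally Secured receive connectors with wide source ranges.
# On an Exchange server: Get-ReceiveConnector | Find-ExternallySecuredConnector

function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)            # network order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

# Number of IPv4 addresses a RemoteIPRanges entry covers. Anything not understood
# (IPv6, mask notation) returns infinity so that it is always reviewed by hand.
function Get-RangeSize ([string]$Range) {
    $ip = '\d+\.\d+\.\d+\.\d+'
    if ($Range -match "^$ip$") { return 1 }
    if ($Range -match "^$ip/(\d+)$") { return [math]::Pow(2, 32 - [int]$Matches[1]) }
    if ($Range -match "^($ip)-($ip)$") {
        $low = ConvertTo-UInt32 $Matches[1]; $high = ConvertTo-UInt32 $Matches[2]
        return [double]$high - $low + 1
    }
    return [double]::PositiveInfinity
}

function Find-ExternallySecuredConnector {
    param(
        [Parameter(ValueFromPipeline = $true)] $Connector,
        [int] $MaxAddresses = 16        # assumed threshold; tune to your relay hosts
    )
    process {
        # AuthMechanism is a flags value; its string form lists the enabled mechanisms.
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }
        foreach ($range in $Connector.RemoteIPRanges) {
            $size = Get-RangeSize "$range"
            New-Object PSObject -Property @{
                Connector = $Connector.Name
                Range     = "$range"
                Addresses = $size
                Review    = ($size -gt $MaxAddresses)
            }
        }
    }
}

# Constructed sample objects shaped like Get-ReceiveConnector output (made-up names and ranges).
$sample = @(
    New-Object PSObject -Property @{ Name = 'Relay-Migration'; AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('192.0.2.10', '192.0.2.20-192.0.2.21') }
    New-Object PSObject -Property @{ Name = 'Relay-TooWide';   AuthMechanism = 'ExternalAuthoritative';      RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
    New-Object PSObject -Property @{ Name = 'Default Frontend'; AuthMechanism = 'Tls, BasicAuth';            RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
)
$sample | Find-ExternallySecuredConnector | Format-Table Connector, Range, Addresses, Review -AutoSize
```

Rows with Review set to True are the ones to narrow down to the specific sending systems.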


Friday, July 19, 2013

Exchange 2013 CU2 - OWA Forms Based Authentication automatically enabled

I think most people automatically use OWA Forms Based Authentication (FBA) for web mail, but in some cases you may have just Basic or Integrated Windows Authentication enabled.

Some people have been reporting that even though FBA is disabled in their environment, once the update to E2K13 CU2 is applied, the logon form is displayed rather than using Basic or IWA.

If you check the OWA virtual directory properties, the FormsAuthentication option is set to "False", yet the FBA form still appears:
Get-OwaVirtualDirectory | FL forms*,basic*
FormsAuthentication : False
BasicAuthentication : True

This happens because when CU2 is installed, it replaces the existing web.config file with a new one that has FBA enabled.  This is easy to fix, though.

Simply "enable" and then "disable" FBA on your OWA virtual directories. 

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $True
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -FormsAuthentication $False 

This should reset FBA back to off.

For more information, see this KB article "The FBA page is displayed when a user accesses OWA or ECP to log on to Exchange Server 2013"

Thursday, July 18, 2013

OWA for the iPad and iPhone for Office365 users

If you are on Office365, this should be some good news.  Microsoft has released Outlook Web App for the iPad and iPhone.  They are available for download from the Apple App Store.  Unfortunately, this seems to be only for Office365 users rather than on premises users.

Thursday, July 11, 2013

Exchange 2013 RTM CU2

Microsoft released Exchange 2013 RTM CU2 this week.  Cumulative Release 2 includes a number of bug fixes and product improvements.  Some important notes include that the RBAC roles have been updated (so test thoroughly) and the AD schema will need to be updated.

See Ross Smith IV's EHLO blog posting on Exchange 2010 RTM CU2.