Sunday, July 29, 2007

Exchange 2007 Client Access and Hub Transport servers in the DMZ

I am seeing some chatter on the newsgroups and web forums as to what ports to open up on a firewall to allow the Client Access and Hub Transport server roles to be placed in the perimeter / DMZ network. Do not do this. Microsoft does not recommend this configuration, nor is it supported. You have to open up too many ports on the firewall. If you need to terminate external HTTP/HTTPS connections from the Internet in your DMZ, put a reverse proxy there. Squid is a good freebie that runs on Linux; ISA Server and BlueCoat are also good solutions.

Here is the official word from Microsoft:
"You can install the Client Access server role on an Exchange 2007 computer that is running any other server roles except for the Edge Transport server role. You cannot install the Client Access server role on a computer that is installed in a cluster. Installation of a Client Access server in a perimeter network is not supported."


Thursday, July 26, 2007

Windows 2003 Scalable Networking Pack and Exchange connectivity

A few weeks ago the Exchange team posted a blog entry about the Windows 2003 Scalable Networking Pack and its possible effects on Exchange. I figured this was an obscure thing and did not affect me, but it looks like I might be having this problem on one of my W2K3 SP2 / E2K3 SP2 servers. Here are some possible issues from the Exchange Team blog:

  • You cannot create a Remote Desktop Protocol (RDP) connection to the server.
  • You cannot connect to shares on the server from a computer on the local area network.
  • You cannot connect to Microsoft Exchange Server from a computer that is running Microsoft Outlook.
  • You can only connect to Web sites that are hosted on the server or on the Internet by using a secure sockets layer (SSL) connection. In this scenario, you cannot connect to a Web site that does not use SSL encryption.
  • You experience slow network performance.
  • You cannot create an outgoing FTP connection from the server.
  • You experience intermittent RPC communications failures.
  • Some Outlook clients may be unable to connect to Exchange.
  • You cannot run the Configure E-mail and Internet Connection Wizard successfully.
  • Microsoft Internet Security and Acceleration (ISA) Server blocks RPC communications.
  • You cannot browse Internet Information Services (IIS) Virtual Directories.

Sunday, July 22, 2007

Interview with Ron Paul

If you have time, this is a great interview with Republican presidential candidate Ron Paul. He makes a lot of sense.

Friday, July 20, 2007

Exchange 2007 Get-SystemMessage

I have seen issues on some web forums and the newsgroups where someone is trying to use the Exchange 2007 Get-SystemMessage cmdlet to retrieve the value of a system message. Here is an example:

Get-SystemMessage 'en\internal\5.7.1'

One thing I learned early on is that this will NOT work unless you have created a message already using the New-SystemMessage cmdlet. By default, this will not list the built-in or default messages.

If you want to look at the original message, it is a bit convoluted. Here is the syntax:
Get-SystemMessage -Original | ? { $_.Identity -eq 'en\internal\5.7.1' }
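
The lookup order described above, as an added example that is not part of the original post: check for a custom message first, then fall back to the built-in text that only `-Original` exposes. `Get-EffectiveSystemMessage` is a hypothetical helper name, and the block assumes it is run in the Exchange Management Shell on an Exchange 2007 server.

```powershell
# Added example; Get-EffectiveSystemMessage is a hypothetical helper name,
# not an Exchange cmdlet. Run in the Exchange Management Shell.
function Get-EffectiveSystemMessage {
    param([string]$Identity)   # e.g. 'en\internal\5.7.1'

    # A plain Get-SystemMessage call returns only custom messages (those
    # created with New-SystemMessage). Filter the list rather than passing
    # the identity directly, so a missing override yields nothing, not an error.
    $custom = Get-SystemMessage | Where-Object { $_.Identity -eq $Identity }
    if ($custom) {
        return $custom |
            Select-Object Identity, Text, @{Name='Source'; Expression={'Custom'}}
    }

    # No override exists: fall back to the built-in text, which is only
    # listed when -Original is supplied.
    $default = Get-SystemMessage -Original | Where-Object { $_.Identity -eq $Identity }
    if ($default) {
        return $default |
            Select-Object Identity, Text, @{Name='Source'; Expression={'Built-in'}}
    }

    Write-Warning "No custom or built-in system message matches '$Identity'."
}

# Shows the text users will actually receive and whether it has been customized.
Get-EffectiveSystemMessage 'en\internal\5.7.1' | Format-List
```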


Wednesday, July 18, 2007

Message waiting indicator for Exchange 2007 Unified Messaging

One of the weaknesses of Exchange 2007's Unified Messaging implementation is that it does not turn on and off the message waiting indicator (MWI) on your telephone. Of course, if you think about it, that would be a pretty complex thing to do since there are so many different types of phone systems and phone switches.

Two third-party vendors have emerged that will handle this requirement for many phone vendors, though:

- Interactive Intelligence
- Geomant


Tuesday, July 10, 2007

Directory Manager is finally here!

Last year some friends and I went into the software business. We have been selling the self-service tool Directory Update now for a year and have gone through 4 versions' worth of improvements and customer suggestions. Directory Update is a web-based, self-service solution that allows users to update their own information in the Active Directory. We originally designed it as a replacement for Microsoft's GALMOD. I wish I could say we were getting rich, but it has been a fun experience and I now have a LOT more empathy for software companies!

We have heard from a number of customers that Directory Update works great in some situations, but there are some attributes that they would rather a designated user (such as a receptionist or Human Resources) update rather than the end user. For the last few months, we have been working to release a new product we call Directory Manager. Directory Manager gives a designated user the permissions to update other users' information through a web-based interface that functions similarly to Directory Update.

As with Directory Update, the administrator can configure drop-down lists with valid data and they can configure regular expression (REGEX) validation for phone numbers. Directory Manager costs US$469 per Active Directory domain, which makes it by far the cheapest solution of its type on the market.


Monday, July 09, 2007

Brian Tirch's blog

My buddy and tech editor Brian Tirch has a new blog. Brian worked pretty closely on both the Exchange 2007 and E2K7 SP1 betas, so I am sure he is going to have some valuable tidbits. Check it out.

Tuesday, July 03, 2007

Directory Update rebranded as Ithicos Solutions

We are evolving (or rebranding if you prefer) our small business that sells Directory Update and Directory Manager. We will be becoming Ithicos Solutions rather than "Directory Update" or ITCS Hawaii (my own DBA name). Look for a spiffy new web site and logo.