I’ve written plenty about exporting mailboxes from Exchange. But what if you need to perform a selective import into Outlook? This is helpful for importing mail in date ranges, using an import to search for terms (common with litigation holds) and importing contacts and calendars.
To get started, click Open from the File ribbon.
When prompted, click on Import/Export.
At the Import and Export Wizard screen, click on “Import from another program or file”
At the “Import a File” screen, click on “Outlook Data File (pst)”
At the Import Outlook Data File screen, choose the mailbox to import into and then click on the Filter button. Using the filtering options, you can choose to import based on date ranges, using search terms, selecting specific folders or a combination of all of these.
krypted February 4th, 2014
Posted In: Microsoft Exchange Server
Outlook Web Access (OWA) allows administrators to setup themes. I’ve noticed a lot of people configuring custom OWA themes these days. And when they do, they are always annoyed when users change the theme back to the default. So, let’s disable theme selection using the set-owavirtualdirectory cmdlet.
Here, we’ll do so on a server called krypted, on the default web site, for the default owa virtual directory using the -identity option. The option we’ll use is -themeselection enabled and we’ll set it to $false:
set-owavirtualdirectory -identity "krypted\owa (default web site)" -themeselectionenabled $false
To set it back, just swap $false for $true:
set-owavirtualdirectory -identity "krypted\owa (default web site)" -themeselectionenabled $true
krypted December 7th, 2013
By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site.
At the bottom of the pane for the Default Web Site, click Features View if not already selected.
Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g. https://krypted.com/owa).
In the Actions pane to the right of the screen, click Apply. Then click on Default Web Site again and open the SSL Settings pane. Here, uncheck the box for Require SSL.
Next, edit the offline address book web.config file on the CAS, stored by default at (assuming Exchange is installed on the C drive) C:\Program Files\Microsoft\Exchange Server\\ClientAccess\oab. To edit, right-click web.config and click Properties. Then click Security and then Edit. Under Group, click on Authenticated Users. Then click Read & execute for Authenticated Users in Permissions. Then click OK to save your changes.
Finally, if you have any issues with any messages not working, start the IIS Manager. Then browse to the virtual directories and open HTTP Redirect. Then uncheck “Redirect requests to this destination” and click Apply. When you’re done, restart IIS again and test the ability to send and receive emails to make sure that mail flow functions without error from within the web interface.
krypted December 6th, 2013
I’ve seen a number of cases where Exchange Information Stores are located on SANs. If you don’t have enough throughput you’re likely to see RPC request timeouts for the database, mailboxes or even a server. This typically correlates to Event IDs of 10025, 10026 and 10027. If a mailbox is having such problems then it will be quarantined. If you have this happen once or twice then it’s likely not that big of a deal. However, if it happens repeatedly then you’ve likely got a problem. These can be cumbersome to fix. So while you’re working on things, rather than have mailboxes go offline all the time, you can edit the registry to turn off the time-out detection that causes quarantining of assets. To do so, open regedit and backup your registry. Once done, locate the following key (assuming the server name is KRYPTEDEX2010:
Right-click the name of the server, click on New, and create a “DWORD (32-bit) Value” with a name of DisableTimeoutDetection. Set the value to 1 and save. All done. Good luck fixing your I/O (and don’t treat the symptom without curing the disease or you’ll end up having to isinteg your database eventually).
krypted November 3rd, 2013
When running mailbox exports, move requests, etc in Exchange 201x you might get an error. This is because the Management Role Assignments have changed ever so slightly. In order to provide an account the ability to do certain tasks, you can use the New-ManagementRoleAssignment powershell cmdlet to process a request. To do so, pick a user (in this case the username is kryptedadmin) using the -User option and choose roles to assign (in this case, mailbox, export and import) using the -Role option. The command then looks as follows:
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User kryptedadmin
To see if your roles were properly applied:
Get-ManagementRoleAssignment -Role "Mailbox Import Export" | ft Identity
krypted November 2nd, 2013
Posted In: Microsoft Exchange Server
One of the things that hasn’t changed in all these years with Exchange is Non-Delivery Reports. An NDR is an email that is sent when a message you send fails to go out. Exchange has had a consistent set of NDR status codes since version 5, just adding some here or there with changing technology (e.g. routing connectors, smarthosts, etc).
Exchange has a lot of NDR codes at this point. I keep a little list running in my collection of files I spotlight to find the answer to recurring questions (which happens to always be 42). When an email bounces in Exchange, these codes explain why without having to be overly verbose (usually the text is actually in the NDR but not in the error logs in Exchange). Anyway, my list:
If you’ve seen one that isn’t in my list, let me know and I’ll add it!
Finally, keep in mind: friends don’t let friends run their own mail servers.
krypted June 28th, 2013
Autodiscover automatically configures profile settings for Exchange clients. These clients include Microsoft Outlook 2007 or Outlook 2010, Outlook for Mac, Mail.app in Mac OS X, iPhone, iPad and ActiveSync enabled phones. Autodiscover is often made out to be complicated. There’s an Autodiscover service that gets installed when a Client Access Server (CAS) role is setup for Exchange 2010 in the form of a default virtual directory named Autodiscover for the default Web site in Internet Information Services (IIS). You then forward an autodiscover service locater record in DNS in the form of _autodiscover._tcp.
The virtual directory handles Autodiscover requests. But what about other vendors, and even for Exchange, how do you verify that it’s working correctly? If clients automatically configure then it’s working, obviously. But when it isn’t, what do you need to do? The most obvious step is to check that the DNS record responds appropriately. To do so, we can use nslookup. To use nslookup, run it from the command line, followed by the DNS name. For me.com, this might be:
But note that there’s not a response. This is because me.com doesn’t use _autodiscover (why would it, it’s not EWS/ActiveSync after all. But other domains that are configured for autodiscover would respond. For example, look at the output for 318.com:
Which looks like this:
Provided that the answer section is the address of the CAS Exchange server that sits in front of your organization (the one that runs the Autodiscover virtual directory in IIS) then you are more than likely off to a great start using autodiscover. If not, then that’s the first thing that likely needs to get fixed if you actually want clients to use autodiscvoer. Also keep in mind that you’ll want to check internally and externally, as you will likely have different domain names setup for these. I often find that people will configure the _autodiscover records in their public DNS but not in their private views. Also keep this in mind when acquiring SSL certificates for Exchange’s CAS instance.
Note: Autodiscover, as its implemented in Office Exchange clients, also has the ability to change configurations in Office on the fly as network settings change on internal networks (e.g. users get moved to different information stores, IPs of servers change, etc). This does not seem to work with Apple’s Mail. One could write a script to check for a change in the records nightly (or more frequently of course) if this is needed.
Sometimes the mail clients can interpret things differently than we do manually from the command line, including autodiscover. When the Apple Mail client is attempting to connect to Exchange, you can also get more information about the EWS autodiscovery process by capturing logs about it, not done by default, but invoked by firing up mail using the –LogEWSAutodiscoveryActivity option followed by a YES, as follows:
By reading these logs, you can learn way more than you ever wanted to know (or thought was possible) about Autodiscover. Given that Autodiscover is similar in iOS, most of this rings true in the Mail app there as well. However, given that you can’t view the activity in as granular a detail by invoking Mail through the command line, you can watch it in the logs in iPhone Configuration Utility while you’re setting up Mail, Contacts & Calendars in the Settings app, which should provide information about any connection failures.
While Autodiscover is awesome, you should still be able to connect without it. The only time I really both to troubleshoot Autodiscover itself is when I can install an account but I cannot get Autodiscover to eliminate the need for the second setup screen in Mail on iOS and OS X (possibly with the exception of Lion). If you can setup mail, but it requires two screens then the problem is basically always Autodiscover. If you can’t setup mail at all then the problem is basically never Autodiscover. Good luck, and hope someone finds this useful!
krypted January 6th, 2012
Today, Krypted.com turns 7. 9 books and almost 2,000 posts later, I seem to have slowed down a bit if you look at the last couple of months of postings. But I’ve been busy, just trying to get a few other projects finished, so I can get back to my normal writing-too-much self. These projects I’ve been wrapping up include:
krypted January 1st, 2012