Friday, 30 April 2010

The Client Access Server Role Pt2

OWA provides your users with many features that resemble Outlook. These features can be turned on or off using the console or the shell, and are called segmentation options.

Disabling/Enabling Segmentation Options

[PS] Set-OWAVirtualDirectory "SRV215\OWA (Default Web Site)" -ChangePasswordEnabled $false

This cmdlet turns off the user's ability to change passwords from OWA. The other features and their shell parameters are outlined below:

Feature                    Parameter
All Address Lists          AllAddressListsEnabled
Calendar                   CalendarEnabled
Change Password            ChangePasswordEnabled
Contacts                   ContactsEnabled
Email Signature            SignatureEnabled
ActiveSync Integration     ActiveSyncIntegrationEnabled
Journal                    JournalEnabled
Junk Email Filtering       JunkEmailEnabled
Notes                      NotesEnabled
Premium Client             PremiumClientEnabled
Public Folders             PublicFoldersEnabled
Recover Deleted Items      RecoverDeletedItemsEnabled
Reminders/Notifications    RemindersAndNotificationsEnabled
Rules                      RulesEnabled
S/MIME                     SMIMEEnabled
Search Folders             SearchFoldersEnabled
Spell Checker              SpellCheckerEnabled
Tasks                      TasksEnabled
Theme Selection            ThemeSelectionEnabled
UM Integration             UMIntegrationEnabled
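Segmentation settings are set per virtual directory, so they can differ between CAS machines. The following added example (not from the original post) compares each directory against a baseline and prints the Set-OwaVirtualDirectory command that would correct it; the baseline values and the sample object are constructed for illustration.

```powershell
# Baseline is an assumption for this example, not a recommendation from the post.
$Baseline = @{
    ChangePasswordEnabled      = $false
    PublicFoldersEnabled       = $false
    RecoverDeletedItemsEnabled = $true
    SMIMEEnabled               = $true
}

function Get-OwaSegmentationDrift {
    param(
        [Parameter(Mandatory=$true)] [object[]]  $VirtualDirectory,
        [Parameter(Mandatory=$true)] [hashtable] $Baseline
    )
    foreach ($vd in $VirtualDirectory) {
        foreach ($name in ($Baseline.Keys | Sort-Object)) {
            $want = [bool]$Baseline[$name]
            $prop = $vd.PSObject.Properties[$name]
            if ($null -eq $prop) {
                # Misspelled parameter name, or not an OWA virtual directory object
                $have = 'n/a'; $fix = $null
            } elseif ([bool]$prop.Value -eq $want) {
                continue   # setting already matches the baseline
            } else {
                $have = [bool]$prop.Value
                $flag = $want.ToString().ToLower()
                $fix  = 'Set-OwaVirtualDirectory -Identity "{0}" -{1} ${2}' -f $vd.Identity, $name, $flag
            }
            New-Object PSObject -Property @{
                Identity = [string]$vd.Identity; Parameter = $name
                Current  = $have; Desired = $want; Fix = $fix
            }
        }
    }
}

# Constructed sample standing in for Get-OwaVirtualDirectory output
$sample = New-Object PSObject -Property @{
    Identity              = 'SRV215\owa (Default Web Site)'
    ChangePasswordEnabled = $true;  PublicFoldersEnabled = $true
    SMIMEEnabled          = $true;  RecoverDeletedItemsEnabled = $true
}
Get-OwaSegmentationDrift -VirtualDirectory $sample -Baseline $Baseline |
    Format-List Identity, Parameter, Current, Desired, Fix
# On an Exchange server: -VirtualDirectory (Get-OwaVirtualDirectory)
```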

Web Based Document Viewing

Users can open and view Microsoft Office and PDF attachments even if the associated applications are not installed on their computers. This is called web ready document viewing. Documents are opened and viewed using Internet Explorer.
To enable web ready document viewing for public and private computers do the following:

[PS] Set-OWAVirtualDirectory -Identity "OWA (Default Web Site)" -WebReadyDocumentViewingOnPrivateComputersEnabled $true -WebReadyDocumentViewingOnPublicComputersEnabled $true

Saturday, 24 April 2010

The Client Access Server Role Pt1

The Client Access Server Role

Exchange Server 2010 now handles all client connections via the CAS role including connections made by Outlook MAPI clients. This connection type was previously handled by the mailbox server role. The CAS role now has the RPC Client Access Service which allows communication with AD and then the mailbox server. Having Outlook clients connect to the CAS role provides a significant improvement in terms of mailbox server failover.
Clients can connect to Exchange CAS using a number of different technologies which include:
  • Web based email (Outlook Web Access or OWA)
  • Mobile devices
  • Outlook Anywhere

Outlook Web Access

OWA is enabled by default and ready to go on CAS machines without any further configuration. However, there are some changes you can make to optimize your experience.

OWA and External URLs

You should ensure that the CAS machine has an external URL assigned. This might have been configured during Exchange installation. The external URL should be the public DNS name that clients use to connect to the Exchange organization from the Internet. The external URL is used for redirecting connecting clients to a CAS server in the same site as the user's mailbox. Here's how it works:
  1. Bob provides a url in his browser,
  2. The London CAS server queries AD and determines from the GC that the mailbox for Bob is located in Paris.
  3. The London CAS server determines from AD the external URL of the Paris site's CAS machines.
  4. This external URL is then given back to Bob,
  5. If the Paris CAS does not have an external URL assigned, then the London CAS proxies the connection to the Paris CAS. Bob will stay connected to London and the London CAS will connect to the Paris CAS on Bob's behalf.

To set the external URL for the CAS server, I highly recommend that you perform the action in the Exchange console:
  1. Open the Exchange Management Console and browse to the Server Configuration > Client Access node
  2. In the action pane, click the Configure External Client Access Domain option
  3. Enter the external DNS name and add the name of the CAS server that will use the name defined.
  4. Click the Configure button to set the external URLs on the CAS machines. The Exchange Control Panel URL should also be automatically configured to use the same URL as defined here.
  5. Select the Exchange Control Panel tab
  6. Select the ECP virtual directory and choose Properties from the action menu
  7. Define the URL as the same value as above, but make sure you use the virtual directory /ecp instead of /owa

The above method provides you with a single process to define the external URL and in my humble opinion should be used. However, the shell equivalent involves defining the external URL on a number of different virtual directories. Here's how:
  1. Set-OwaVirtualDirectory -Identity 'SRV215\owa (Default Web Site)' -ExternalUrl ''
  2. Set-OabVirtualDirectory -Identity 'SRV215\OAB (Default Web Site)' -ExternalUrl ''
  3. Set-ActiveSyncVirtualDirectory -Identity 'SRV215\Microsoft-Server-ActiveSync (Default Web Site)' -ExternalUrl ''
  4. Set-WebServicesVirtualDirectory -Identity 'SRV215\EWS (Default Web Site)' -ExternalUrl ''
  5. Set-EcpVirtualDirectory -Identity 'SRV215\ecp (Default Web Site)' -ExternalUrl ''
As you can see, the GUI method is considerably easier. The virtual directories (VDs) configured are OWA, OAB, ActiveSync, EWS and ECP.
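Because the shell method touches five virtual directories separately, one can be left without an external URL or pointing at the wrong name. The following added example (not from the original post) checks a set of virtual directory objects for that; the host mail.example.com and the sample values are constructed.

```powershell
function Test-CasExternalUrl {
    param(
        [Parameter(Mandatory=$true)] [object[]] $VirtualDirectory,
        [Parameter(Mandatory=$true)] [string]   $ExpectedHost
    )
    foreach ($vd in $VirtualDirectory) {
        $issues = @()
        $raw = [string]$vd.ExternalUrl
        $uri = $null
        if ([string]::IsNullOrEmpty($raw)) {
            # Per the post: with no external URL, the other site's CAS proxies instead of redirecting
            $issues += 'no external URL: cross-site clients are proxied, not redirected'
        } elseif (-not [uri]::TryCreate($raw, [System.UriKind]::Absolute, [ref]$uri)) {
            $issues += 'not an absolute URL'
        } else {
            if ($uri.Scheme -ne 'https') { $issues += "scheme '$($uri.Scheme)' is not https" }
            if ($uri.Host -ne $ExpectedHost) { $issues += "host '$($uri.Host)' differs from $ExpectedHost" }
            # GUI step 7 in the post: the ECP directory must use /ecp, not /owa
            if ([string]$vd.Identity -like '*\ecp (*' -and $uri.AbsolutePath -notlike '/ecp*') {
                $issues += "ECP path is '$($uri.AbsolutePath)', expected /ecp"
            }
        }
        New-Object PSObject -Property @{
            Identity = [string]$vd.Identity; ExternalUrl = $raw; Issues = ($issues -join '; ')
        }
    }
}

# Constructed sample; on an Exchange server, collect the output of Get-OwaVirtualDirectory,
# Get-OabVirtualDirectory, Get-ActiveSyncVirtualDirectory, Get-WebServicesVirtualDirectory
# and Get-EcpVirtualDirectory instead.
$rows = @(
    @{ Identity = 'SRV215\owa (Default Web Site)'; ExternalUrl = 'https://mail.example.com/owa' },
    @{ Identity = 'SRV215\OAB (Default Web Site)'; ExternalUrl = 'http://mail.example.com/OAB' },
    @{ Identity = 'SRV215\EWS (Default Web Site)'; ExternalUrl = '' },
    @{ Identity = 'SRV215\ecp (Default Web Site)'; ExternalUrl = 'https://mail.example.com/owa' }
)
$sample = $rows | ForEach-Object { New-Object PSObject -Property $_ }
Test-CasExternalUrl -VirtualDirectory $sample -ExpectedHost 'mail.example.com' |
    Format-List Identity, ExternalUrl, Issues
```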

Redirect the Default URL to OWA

A useful adjustment to the default OWA settings is to ensure that users are automatically redirected to the OWA virtual directory if they neglect to define /owa at the end of the external URL.

To redirect users to the /owa virtual directory, perform the following steps:
  1. Open IIS Manager from Administrative Tools
  2. Browse to the default web site and in the work area double click the HTTP Redirect icon
  3. Check 'Redirect Requests To This Destination' and supply /owa as the destination
  4. Click the Apply button on the left
  5. This will inherit to all virtual directories contained in the default web site. These need to be unchecked. The inheritance should be removed for the following VDs

Automatically use https

It would be useful to ensure that https is used if users define http in the URL. If users forget to define https they receive an error message, which could be confusing. Perform the following steps:
  1. Open IIS Manager from Administrative Tools
  2. Browse to the default web site and in the work area double click the Error Pages icon
  3. In the actions pane click the Add button to add a new custom error
  4. In the Add Custom Error Page dialog box, enter 403.4 in the status code field
  5. In the Response Action box, click the option Respond With A 302 Redirect. In the absolute URL field, enter the complete HTTPS URL to OWA; eg. and click ok.

Wednesday, 21 April 2010

Recover Deleted Messages

Exchange 2010 now allows you to recover messages that users have purged from their mailboxes. This is what happens when a user deletes a message:

  1. User deletes a message.
  2. The message moves to the 'Deleted Items' folder. At this point the user can see the deleted messages and can move the deleted message back to the inbox. This is known as a 'soft delete'. Messages can also be moved to the 'dumpster' by emptying the Deleted Items folder. This is a 'hard delete'.
  3. The message moves to the 'Dumpster'. This removes the message from view. Deleted item retention is 14 days by default. Users can still recover items by using the Recover Deleted Items tool (right click Deleted Items in OWA and select 'recover deleted items').
  4. If the end user purges data from the "Recover Deleted Items" view (hard delete from the Recoverable Items\Deletions folder), the item will be moved to the Recoverable Items\Purges folder. The Purges folder is a special folder that sits within the dumpster. The user will not be able to see the deleted message in this folder. However, administrators granted the rights to perform 'discovery searches' can search through the Purges folder and restore deleted items.

Discovery Searches

  • Perform a discovery search for the item you need to restore. This first involves navigating a browser to https://servername/ecp. This is on the CAS role (ECP is the Exchange Control Panel). Log on as the administrator, for example. By default this account does NOT have the permission to run a discovery search.
  • Next to 'Select what to manage' select 'my organization' and select 'reporting'
  • You will probably see 'delivery reports' only. You require searching mailboxes. As mentioned, you don't have the permissions to do this.
  • Select 'Users and Groups' and then 'Administrator Roles'
  • Select and double click 'Discovery Management'
  • Add the Administrator account and click save
  • You will have to log out and back in again, but under reporting you will see 'Mailboxes Searches'. Select this.
  • Select 'New'. As you can see there are a number of search methods. Select mailbox to search and select the user mailbox that has purged deleted items.
  • Provide a search name
  • Select 'Select a mailbox in which to store the search results' and choose the 'Discovery Search Mailbox' and click save.
  • After the search has completed (you may have to refresh) select the link that says open by the results output on the right hand side.
  • If you can't open the discovery search mailbox, you will need to grant the administrator access to it by typing in the following:

[PS] Add-MailboxPermission DiscoverySearchMailbox -User administrator -AccessRights FullAccess

NB. I changed the alias of the mailbox to this simpler name

  • You should now be able to open the discovery search mailbox. Once opened, navigate on the left to the search name and open the sent\deleted items folder. You should be able to find the item that was purged.
  • Create a new folder in the discovery search mailbox. This could be called "Andrews Recovered Mail" for example. Drag the purged item into this folder
  • Open the shell and type the following:

[PS] Export-Mailbox DiscoverySearchMailbox -IncludeFolders "Andrews Recovered Mail" -TargetMailbox Andrew -TargetFolder "Recovered Mail"

Andrew's mail should now be restored in his mailbox in a folder called Recovered Mail. You could also forward the message to Andrew instead of exporting.
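The Discovery Management membership and the FullAccess grant made in the steps above stay in place after the restore unless they are removed. The following added example (not from the original post) lists such grants that are not on an approved list and prints the matching removal command; the account names, the CONTOSO domain and the approved list are constructed.

```powershell
function Get-DiscoveryAccessReview {
    param(
        [object[]] $RoleGroupMember,     # from Get-RoleGroupMember 'Discovery Management'
        [object[]] $MailboxPermission,   # from Get-MailboxPermission <discovery mailbox>
        [string[]] $Approved = @(),      # names exactly as the two cmdlets report them
        [string]   $Mailbox  = 'DiscoverySearchMailbox'   # alias used in the post
    )
    foreach ($m in $RoleGroupMember) {
        if ($Approved -notcontains [string]$m.Name) {
            New-Object PSObject -Property @{
                Principal = [string]$m.Name
                Grant     = 'Discovery Management member'
                Cleanup   = "Remove-RoleGroupMember 'Discovery Management' -Member '$($m.Name)'"
            }
        }
    }
    foreach ($p in $MailboxPermission) {
        $user = [string]$p.User
        $full = ([string]$p.AccessRights) -match 'FullAccess'
        # Only explicit allow entries can be removed on the mailbox itself
        if ($full -and -not $p.IsInherited -and -not $p.Deny -and $Approved -notcontains $user) {
            New-Object PSObject -Property @{
                Principal = $user
                Grant     = "FullAccess on $Mailbox"
                Cleanup   = "Remove-MailboxPermission $Mailbox -User '$user' -AccessRights FullAccess"
            }
        }
    }
}

# Constructed sample data standing in for the two Get- cmdlets
$members = @(@{ Name = 'Administrator' }, @{ Name = 'LegalSearch' }) |
    ForEach-Object { New-Object PSObject -Property $_ }
$perms = @(
    @{ User = 'CONTOSO\administrator'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false },
    @{ User = 'NT AUTHORITY\SYSTEM';   AccessRights = @('FullAccess'); IsInherited = $true;  Deny = $false }
) | ForEach-Object { New-Object PSObject -Property $_ }

Get-DiscoveryAccessReview -RoleGroupMember $members -MailboxPermission $perms -Approved 'LegalSearch' |
    Format-List Principal, Grant, Cleanup
```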