Archive for the ‘Exchange’ Category.

Why you should use SMTP to receive mails

Many SMB setups I’ve seen still use the included POP3 Connector to receive mails. Microsoft’s POP3 Connector is included in Small Business Server, but not in regular Exchange installations (this was different with Exchange 2000). That’s actually a good thing, because non-SBS customers can’t use POP3.

The POP3 connector included with SBS 2003 sucks – it can only poll at 15-minute intervals, which makes for unnecessary delays. It’s nasty to debug, and setting up new accounts means doing the work twice.

SMTP has a few requirements over POP3, which is why it is sometimes not used:

  • A static IP address (DynDNS is okay for home setups)
  • A rudimentary knowledge of DNS
  • A port forwarding from your router

When sending out mails, you should still use your ISP’s smarthost. There are several reasons for this:

  • Sending out big files to multiple addresses will take ages from a standard broadband connection
  • Even static IP ranges might be blacklisted and filtered as spam

On the other hand, you will lose a bit of control when using your ISP’s smarthost. It’s best to make your own judgment.

Backup Exec and the Exchange database logfiles

Imagine this: You’ve set up a new machine, running Exchange 2003, installed Backup Exec with AOFO, and start running your backups. Everything works fine.

A few days later, the client calls you, telling you that Exchange is no longer working. You connect to the machine through VPN, and see that the log partition (you do have a log partition, don’t you?) ran full. You have properly set up your backups and everything, but the log files don’t get deleted.

When using Backup Exec with the Advanced Open File Option (AOFO, snapshots), BE might not delete the backed-up Exchange database logfiles.

The culprit here is the “Process logical volumes for backup one at a time” option.

When you activate this option, BE will no longer delete your Exchange logfiles. I do not really understand why this is the case, but I was able to get it to work fine without this option, by shutting down some services in preparation for the snapshots.

Custom address templates with Exchange 2007

DATALINE AG uses e-mail addresses in the style f.lastname@domain.tld – I was rather irritated that the MMC console of Exchange 2007 didn’t offer a way to create custom address templates. Most of the advanced functionality is now PowerShell only – which I don’t see as a bad thing, it just takes some time getting used to.

# %1g = first letter of the given name, %s = surname
Set-EmailAddressPolicy -Identity 'Default Policy' `
    -EnabledPrimarySMTPAddressTemplate "%1g.%s@exchange2007.local"

And there it already is. You can even view this from the MMC, but you can’t change it. I still hate the PowerShell tab completion – it just doesn’t offer as many features as the zsh I’ve customized over the years.
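
The template variables can be previewed offline before the policy touches real recipients. The following PowerShell is an added example, not code from the original post; the helper functions, the sample users and the check rules are assumptions made for illustration, and it covers only the %g, %s, %i, %m and %d variables with an optional length prefix.

```powershell
# Added example: preview what an Exchange address template expands to before
# applying it with Set-EmailAddressPolicy. Helper names are hypothetical.
function Expand-AddressTemplate {
    param([string] $Template, [hashtable] $User)   # $User keys: g, s, i, m, d
    # %g given name, %s surname, %i middle initial, %m alias, %d display name;
    # an optional number (%1g, %3s) keeps only the first N letters.
    [System.Text.RegularExpressions.MatchEvaluator] $expand = {
        param($match)
        $value = [string] $User[$match.Groups['var'].Value]
        if ($match.Groups['len'].Success) {
            $n = [Math]::Min([int] $match.Groups['len'].Value, $value.Length)
            $value = $value.Substring(0, $n)
        }
        $value
    }
    [regex]::Replace($Template, '%(?<len>\d+)?(?<var>[gsimd])', $expand)
}

function Get-AddressProblem {
    param([string] $Address)
    $parts = $Address.Split('@')
    if ($parts.Length -ne 2 -or -not $parts[0] -or -not $parts[1]) {
        return 'needs exactly one @ with text on both sides'
    }
    $local = $parts[0]
    if ($local.StartsWith('.') -or $local.EndsWith('.')) { return 'local part starts or ends with a dot' }
    if ($local.Contains('..')) { return 'consecutive dots in local part' }
    if ($Address -match '\s')  { return 'contains whitespace' }
    return 'ok'
}

# Constructed sample users and templates (not taken from a real directory).
$users = @(
    @{ g = 'Erika'; s = 'Mustermann'; i = '';  m = 'emustermann'; d = 'Erika Mustermann' },
    @{ g = 'Ann';   s = 'Van Dyke';   i = 'B'; m = 'avandyke';    d = 'Ann Van Dyke' }
)
$templates = '%1g.%s@exchange2007.local', '%1g.%s.@exchange2007.local', '%m@exchange2007.local'

foreach ($template in $templates) {
    foreach ($user in $users) {
        $address = Expand-AddressTemplate -Template $template -User $user
        [pscustomobject]@{
            Template = $template
            Address  = $address
            Check    = Get-AddressProblem -Address $address
        }
    }
}
```

The second template yields `E.Mustermann.@exchange2007.local`, which the check reports because the local part ends with a dot; the surname containing a space is flagged for every template that uses %s.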

RPC-over-HTTP with open source proxies

RPC-over-HTTP, or Outlook Anywhere as it is called in Exchange 2007, offers users a way to access their e-mail using Outlook securely from anywhere in the world, without using a VPN connection.

If you’re using Microsoft’s ISA product line at your border, then you’re fine. ISA works just fine with RPC over HTTP. However, Apache’s mod_proxy doesn’t support passing along the proprietary RPC_IN_DATA and RPC_OUT_DATA HTTP methods.

There are other proxies which support it, like Pound; however, Pound doesn’t allow SSL backend connections, leaving plaintext passwords on your mostly trusted LAN.

In the end, I gave up and published a separate IIS website directly to the web. For this, I created a new IIS website, assigned it to a random port, added the proper port forwardings on the gateway, and added just the RPC directory to this new site, and exposed it only through HTTPS. I think this is as good as it gets.

If you don’t know how to move these virtual directories yet, it is quite simple. Right click the directory, select “All tasks”, select “Export to a file”, and then go to the new website, right click on it, select “New” and then “New virtual directory (from file)”. Quite easy – if you know where to find it.

If you’re having trouble getting RPC over HTTP to work, here are two tips:

  • Make sure that the certificate for the RPC over HTTP server is trusted by the client. For laptops in your domain, this is usually automatically the case, because of group policies. With home offices, this is usually not the case. Outlook does not give you an error message regarding this problem.
  • Start outlook.exe using the /rpcdiag switch. This allows you to see how Outlook establishes the connection.