Microsoft Exchange and Remote Desktop Services Specialists

SEMblog

Microsoft Exchange Server and Blackberry Enterprise Server news, views and fixes.

Three Rules of Microsoft Licensing

I have been posting these three rules of software licensing in various forums for a couple of years now, so it made sense to include them here.
Purchasing software licenses for Microsoft products is daunting, with multiple choices and schemes available to you. However, as long as you consider these three rules, you shouldn't go too far wrong.

  1. Get at least three opinions, including one from Microsoft.
    Even some people at Microsoft don't understand all the options, so if you aren't sure on something then make sure that you get three opinions. 
  2. Get it in writing.
    Without it in writing, it is worth nothing if you are audited. 
  3. The most expensive option will be the correct one.
    That is pretty obvious I think.

It will not make licensing any easier, but it will help you sleep at night in the knowledge that you have at least tried to do the right thing.

Out of the Office Messages to the Internet

When setting up the Exchange server, you need to consider whether to allow Out of the Office Messages (OOTO) to the internet or not.
These are not sent to the internet by default on Exchange; you have to actually go in to the system and set the option.
However, should you enable the option?
Some people consider them to be important, others a hindrance.
If you are a member of any email distribution list, then you will almost always get at least one out of the office response if you post to the list.
The decision on enabling OOTO messages to the Internet is probably not something for the Exchange administrator to decide. As they can play a part in the internal business processes, it should be considered by the management of the business to ensure that they fit in with those processes.
Remember that internal OOTO messages are not affected and will always be sent.

What are the issues with OOTO?

There are four major issues that need to be considered when the OOTO status is being reviewed.

  1. Security.
    The OOTO message could contain information that the person receiving it shouldn't have: mobile phone numbers, names and numbers of other contacts in the company, etc.
    The message could also indicate that the person is out of the country, whether on holiday or on a business trip. That clearly identifies that the home is empty. If the staff member is a director, then their home details could be easily discovered, and the home broken into shortly afterwards.
  2. Technical issues.
    Not so much an issue with OOTO on Exchange, but other systems will use automatic replies instead of an OOTO system. These can cause email loops. The message bounces back to someone with an automatic reply and then bounces back in, and back out and so on. Eventually one server will crash. 
  3. Guaranteed response.
    Any spam gets a response. That confirms the address is live and means more spam.
  4. Can leave a bad impression on the recipients.
    If any staff are members of distribution lists then these lists may get the OOTO messages. These are just annoying for list members.
    Some people consider OOTO to be poor business behaviour, as you are effectively saying that no one else is monitoring your email. You should get someone to monitor your email while you are away from the office, in case something important does occur.
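
The loop, spam and distribution-list problems above all come from replying to mail that should never get an automatic answer. The following added example (not from the original post, and not how Exchange itself decides) applies the checks recommended for automatic responders in RFC 3834; the function names, the seven-day interval and all addresses are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parseaddr

REPLY_INTERVAL = timedelta(days=7)  # assumed policy: one reply per sender per week

def should_auto_reply(raw, own_address, last_replied, now):
    """Return (send, reason); last_replied maps sender -> time of last reply."""
    msg = message_from_string(raw)
    return_path = msg.get("Return-Path", "").strip()
    if return_path == "<>":  # bounces carry a null return path
        return False, "bounce"
    sender = parseaddr(return_path or msg.get("From", ""))[1].lower()
    if not sender:
        return False, "no sender"
    # Mail another machine generated: answering it is how loops start.
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        return False, "automatic message"
    if "List-Id" in msg or "List-Unsubscribe" in msg:  # distribution list
        return False, "mailing list"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return False, "bulk"
    # Mail that does not name this mailbox is usually list or spam traffic.
    named = " ".join(msg.get_all("To", []) + msg.get_all("Cc", [])).lower()
    if own_address.lower() not in named:
        return False, "not addressed to mailbox"
    # One reply per sender per interval caps a loop the checks above miss.
    seen = last_replied.get(sender)
    if seen is not None and now - seen < REPLY_INTERVAL:
        return False, "already replied"
    last_replied[sender] = now
    return True, "reply"

def build(*headers):  # constructed sample message: headers, blank line, body
    return "\n".join(headers) + "\n\nHello\n"

def demo():
    me, state, t0 = "bob@example.org", {}, datetime(2006, 4, 10, 9, 0)
    alice = build("Return-Path: <alice@example.com>", "To: bob@example.org")
    samples = [
        (alice, t0),                       # a person writing directly
        (alice, t0 + timedelta(hours=1)),  # same person again
        (build("Return-Path: <carol@example.com>", "To: bob@example.org",
               "Auto-Submitted: auto-replied"), t0),   # someone else's auto-reply
        (build("Return-Path: <list-bounces@example.net>", "To: list@example.net",
               "List-Id: <list.example.net>"), t0),    # distribution list post
        (build("Return-Path: <>", "To: bob@example.org"), t0),  # bounce
    ]
    return [should_auto_reply(raw, me, state, when) for raw, when in samples]
```

Only the first sample gets a reply; the per-sender interval is the backstop that ends a loop even when the other side sets none of the headers checked here.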

What can you do about OOTO?

While it is considered good practice to have OOTO and other automatic replies and forwards disabled to the Internet, it is not always practical to fit this in with the business practices.

  • Review whether you need to have OOTO going out to the internet. If better practices can be adopted, such as team members monitoring the email, then those should be used instead.
  • Standardise on the message that is used in an OOTO. Make sure that it states that you are unable to read email and who to contact instead. Give a general phone number (switchboard, etc.) as the contact instead of a direct number or mobile.
  • As an Exchange server administrator, make sure that you have made the registry change to suppress OOTO messages. http://support.microsoft.com/default.aspx?kbid=825370
  • If you have specific external clients who you would like to receive OOTO messages, then you can enable them on a per domain basis.
    Open ESM and choose Global Settings, Internet Message Formats. Right click in the right pane and choose New, Domain. Then enter the information as required. The SMTP domain is the name after the @ sign.

Whichever decision is made, ensure that the staff know which method is being used. If the OOTO is being kept for internal use only, then the messages used can be tailored for that audience.
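
One way to check a proposed external OOTO message against the standard wording described above, as an added example that is not part of the original post. The switchboard number, the phrase lists and both sample messages are constructed, and the matching is heuristic.

```python
import re

SWITCHBOARD = "+44 20 7946 0000"  # assumed: the one number policy allows externally

PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
WHEREABOUTS = re.compile(
    r"\b(on holiday|on vacation|abroad|overseas|out of the country|business trip)\b",
    re.I)
UNREAD = re.compile(r"\b(unable to read|not able to read|will not be read)\b", re.I)
CONTACT = re.compile(r"\bcontact\b", re.I)

def digits(value):
    """Strip everything but digits so spacing differences do not matter."""
    return re.sub(r"\D", "", value)

def check_ooto(text, switchboard=SWITCHBOARD):
    """Return a list of policy findings for one external OOTO message."""
    findings = []
    for m in PHONE.finditer(text):
        found = digits(m.group())
        # Nine or more digits: long enough to be a phone number, not a date.
        if len(found) >= 9 and found != digits(switchboard):
            findings.append("direct number: " + m.group())
    for m in WHEREABOUTS.finditer(text):
        findings.append("reveals whereabouts: " + m.group().lower())
    if not UNREAD.search(text):
        findings.append("does not say email is unread")
    if not CONTACT.search(text):
        findings.append("no alternative contact")
    return findings

# Constructed sample messages.
RISKY = ("I am on holiday in Spain until 2006-04-24. For anything urgent call my "
         "mobile on 07700 900123 or contact Dave Smith on 020 7946 0321.")
STANDARD = ("I am unable to read email at present. Please contact the office "
            "switchboard on +44 20 7946 0000 and your call will be directed.")
```

The switchboard comparison is an exact match on digits, so the number must be written in the same form (international or national) in both the policy and the message.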

Future - Exchange 2007

The OOTO behaviour in Exchange 2007 is much improved, with more control over the message, including different messages depending on whether people are in your contact list. The OOTO can be programmed ahead of time to be turned off when you are due to return, instead of having to remember to disable it.

Mailbox Limits

There has been some chatter in a number of forums on setting mailbox limits. 

  • How big they should be 
  • Should they be used at all 
  • Good practice to work with limits.

One of the first questions people ask is whether there is anything official from Microsoft on limits of mailboxes. At the time of writing there are only broad recommendations.
Anything more specific would be like a car manufacturer telling you how fast you can drive your car. The only limit is its top speed (the size of the Exchange database).
Setting mailbox limits depends on many factors, and the sizes used are different for every company. You may need to have different limits for different people.
When deciding on the limits, some of the factors you need to consider are:

  • number of users 
  • number of servers 
  • amount of disk space 
  • regulatory or legal requirements 
  • types of messages being sent.

A 100MB limit might be good for sales people, but marketing or designers who often move around large files might require a larger limit.
You may also need to have larger limits for VIPs, who will often demand the larger limit "because they can".
In all cases, the maximum limit you can set through the GUI is 2GB. If you want mailboxes to go larger than that, then you have to use adsiedit.msc. If you don't have access to that tool, they will have to be unlimited.

Mailbox Limits Good Practices
When I deploy limits I always limit down, not open up. The global limit is the largest that anyone can have (it is effectively the default) and then users or groups are limited down from that point. It provides a simple safety net in the case of a problem.
Even if the client isn't using limits, I will often set a global soft limit of 1GB, which puts a check in place in case any mailboxes get out of control. If the mailboxes are small, then it can be set to a hard limit.

Managing Limits
The easiest way to manage limits is to use separate storage groups and databases. This is only available in Exchange Server Enterprise edition. Try to avoid setting limits on individual mailboxes as this increases the administration of the system.
If you are on Exchange standard edition or SBS and want to vary the mailbox limits, you will need to set them on each mailbox. Use a tool like admodify.net to set the limits in bulk.
Remember to limit down rather than open up.

Hard and Soft Limits
I have already mentioned these two types of limits.
A hard limit stops the user from doing anything with the mailbox until they have removed some content.
A soft limit simply sends them messages saying that they are over the limit.

Mailbox Limits Drawbacks
Mailbox limits will not solve an email storage problem.
If you place limits on mailboxes then you will always have the "pack rats" who want to keep everything. They will then move their email to PST files, which are even worse.
An email message stored in a PST file will use up to three times the space the message does within the message store.
You will also lose single instance storage, which could further increase the size of the PST file. Consider this - if you send a 5MB attachment by email to 10 people, then it takes up 5MB in the Exchange server due to single instance storage. It will use at least 50MB when stored in PST files.
Then there are problems with backing up the data - a PST file is very difficult to back up. It shouldn't be stored on the network, and if the file is open in Outlook, then it will be locked.
 
Alternatives to Mailbox Limits?
If you want to limit the amount of email that users store in their live mailbox, but don't want them to use PST files, you need to look at deploying an additional application.
An ideal tool would be a journaling application such as GFI Mail Archiver. This takes a copy of every email that passes through your server and stores it in an SQL database. Users can then get access to those messages and get a copy sent to them so that they have it in Outlook.

Archiving Email
The term archiving is being used by the software industry to refer to two very different practices. You need to understand those differences, then select a product that meets your needs.

  • True Archive Product.
    This is an application that sits in the background on your Exchange server and automatically extracts old content and stores it elsewhere. A tag is left behind in the mailbox that points to the alternative location. As far as the user is concerned, this is transparent.
    This type of product is no good for regulatory use, as it still allows the user to tamper with the email message. 
  • Journaling Product.
    This is a product that takes a copy of every message as it passes through the server. It does not touch the mailboxes in any way. Users need to manually manage their mailbox content, confident that they can get a copy of any message back from the database.
    Ideal for regulatory use as it stores a message in SQL, which can show when the item was last modified.

Windows Mobile Emulator Released, with MSFP Images

Microsoft have released the Windows Mobile emulator as a finished product. It was a Public Preview in the past.

Along with the emulator itself, they have also released images for Windows Mobile 5.0 containing the MSFP firmware upgrade, so you can now test almost all features for yourself. The one feature that doesn't work is the push technology, as this requires a mobile phone connection. However all other aspects work as they do on a full installation.

Download links are below.

One point to note - unless you have Virtual Server or Virtual PC installed on the machine, you will need to install the VPC driver (link also below). However, after installing this driver, it is not enabled. You have to go in to the properties of your Ethernet card and enable the option.

The application still has a problem if you have a regular Windows Mobile device connected at the same time as you start the emulator, so make sure that it is disconnected before starting if you want the emulator to see your network.

Download Links.

Emulator Installation and MSFP images

http://www.microsoft.com/downloads/details.aspx?FamilyID=c62d54a5-183a-4a1e-a7e2-cc500ed1f19a&DisplayLang=en

Virtual Machine Network Driver
http://www.microsoft.com/downloads/details.aspx?FamilyID=dc8332d6-565f-4a57-be8c-1d4718d3af65&displaylang=en

Windows Mobile 2003 Second Edition Emulator Images (Required validation)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5c53e3b5-f2a2-47d7-a41d-825fd68ebb6c&DisplayLang=en

Related Links @ amset.info
Windows Mobile 5.0 Emulator: http://www.amset.info/pocketpc/wm5emulator.asp
SSL Certificates on Windows Mobile: http://www.amset.info/pocketpc/certificates.asp

Emulator with MSFP/AKU 2.0

The Windows Mobile 5.0 Emulator preview is an invaluable tool if you have to support Windows Mobile 5.0 devices. However, to date (April 2006), the only image that has been released with the latest software has been a landscape Smartphone (see here: http://blog.sembee.co.uk/archive/2006/04/09/10.aspx). Smartphones don't make very good emulators, and their functionality is very limiting compared to a full Windows Mobile device.

However, one of Microsoft's OEMs has released an image, but this is a little more difficult to get hold of. Not only that, but the image is for one of the most popular Windows Mobile devices in the USA.

The PALM Treo 700w.

Getting the Image

There is a little more effort required to get the emulator files for the Palm Treo 700w as it is tucked away inside their developer programme.

Therefore you need to join their developer programme, which is free of charge. It requires a working email address as they send you the login information by email.
http://pluggedin.palm.com/regac/pluggedin/index.jsp

Once you have become a member, go to the Treo 700W page and download the 26MB zip file. After unzipping the file, you will find a single MSI.

Unfortunately, like the SDK from Microsoft, this MSI requires the presence of Visual Studio to install.
This isn't a major problem. As you may have read on my web site, I have a technique to break in to the MSI file and extract the files that you need.
http://www.amset.info/pocketpc/wm5emulator.asp

Once you have extracted the contents, get the bin file from the folder "0409" and the skins file from the folder Treo700w1-10 (should be an XML and some image files). Put them in the same folder, somewhere easy to remember as you need to enter the path in to a command line.

Using the Image

Once again, it requires a command line start of the Emulator. Here is a sample, where the bin file and the skins have both been dumped in to the same folder, called 1, in the root of the C: drive:

C:\>"C:\Program Files\Microsoft\Device Emulator Preview\DeviceEmulator.exe" "C:\1\nk.bin" /skin "C:\1\Treo700w.xml" /p /memsize 256 /s "C:\Program Files\Microsoft\Device Emulator Preview\treo700w.dess"

The command-line options are the same as in my previous blog posting, but in case you are reading this standalone:

/skin is the location of the XML file. Enclose in " if the path contains spaces.
/p enables the NE2000 network card
/memsize is the amount of RAM allocated to the device. 256 is the max
/s is the place to save the image

All other options outlined on my web page at amset.info apply to the image as well.

Notes and Observations

Make sure that you give it more than 64MB of RAM, as per my command line above. Less than that and everything doesn't load correctly.

It appears that the actual push functionality doesn't work, which is not surprising as push only works over a mobile phone connection, which the emulator doesn't have. All other functions work correctly.

I was able to get SSL certificates installed on the device, so if you need to import one then this shouldn't be too difficult. Use the Storage Card trick (on the page at amset.info linked above).

E12 (aka Exchange 2007)

One last word - this image works wonderfully with E12. On my Beta system it connected straight away, did the online lookup to the GAL and basically everything worked as it should.