Ways Outlook Web Access 2010 ROCKS - Part 4 of Many

Wow. Being able to delete 282 unread emails with the same subject has NEVER been so easy. OWA 2010 from Exchange 2010 includes conversation view, which allows you to do this� and yes, that is a right click context menu in IE, Firefox, or Safari.

Outlook 2010 and Text Messaging

Again, this is not really an Exchange 2010 feature, but an Office 2010, Outlook Mobile 6.1, and Exchange 2010 Activesync feature. I blogged last week about this particular integration into Outlook Web App. This is what is looks like in the new Outlook 2010 Beta, included in the public Office 2010 beta program. The integration here is seamless, and while in meetings and roaming with my laptop, I am able to send and receive texts to my inbox!



Obviously, a majority of my contacts are on email, but one of the upsides of living in the middle of Texas is that I can get grass fed beef locally, and while I was in a meeting today, I was able to get this text message from my phone that I left in the car. And a nice little phone icon to differentiate from emails!

Exchange 2010, Outlook Mobile 6.1 and Text (SMS) Messaging

One of the new Client Access Role features of Exchange 2010 is SMS messaging. The first thing to know about this� Exchange did not learn to speak SMS. Exchange doesn't dial a modem. Exchange doesn't do SMS, per se. Exchange does do Activesync. And the Activesync and Windows Mobile team made this possible. Activesync actually sends/reads/synchronizes text messages to your phone. So when a text is sent, it's sent from your phone because Activesync told it to!

First, lets talk environment. Exchange 2010 RTM, Windows 2008 R2. Mailbox and CAS are 2010. The mobile device is a Windows Mobile 6.1 - This requires a Windows Mobile 6.1 or better device. No iPhone, no Blackberries have this functionality.

Install Outlook Mobile 6.1 on your WM 6.1+ device - Download from Microsoft at: https://update.outlook.com/cabs/OutlookLiveSetup.cab

Thanks to Mike here for this link: http://evangelyze.net/cs/blogs/mike/archive/2009/10/06/wm-6-1-outlook-mobile-update-for-exchange-2010.aspx

Configure Acticesync to your Exchange 2010 CAS server(s), and the next time you go into text messages, your device will prompt you asking if you want to sync texts with Outlook. When you accept this, you will get an email like this one:

The link for this is: http://help.outlook.com/en-us/140/dd251212.aspx

When you log into OWA (or Outlook 2010 when available) you can send texts to contacts from OWA:

Exchange uses Activesync to instruct your device to text on your behalf.

When a reply is received to your phone, the next activesync (aka, when you get an email) will pull that text into your inbox:

Users can disable/turn off/edit this feature in OWA options:

Of course, this can be disabled entirely for all users of a CAS server using:

set-owavirtualdirectory -TextMessagingEnabled:$false

Or this can be disabled per user using new Exchange 2010 OWA Mailbox Policies!

Implementing integrated OCS in Exchange 2010

This entry is to show you how to integrate OCS 2007 R2 into your Exchange 2010 OWA experience. This is based on the following Technet article:
http://technet.microsoft.com/en-us/library/ee633458%28EXCHG.140%29.aspx

First, download and extract OCS 2007 R2 Web Trust Tool from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8 Running and installing this will only extract these additional files. Each of these will need to be installed on each CAS server in your environment that you are enabling OCS Messaging on. Remember, there is no right click run as Administrator for MSI's - so run from an elevated command prompt if needed!

• Install the vc_redistx64
  
• Install UCMAredist.msi
  
• Install CWAOWASSP.msi
  

On your Exchange 2010 CAS server(s), edit c:\program files\Microsoft\Exchange\V14\ClientAccess\Owa\web.config - look for the IMPoolName field. Update the webconfig file as follows:

Field	Insert Value From	Example
IMPoolName	FQDN of OCS R2 Pool	ocsr2pool.domain.local
IMCertificateIssuer	DN of Issuer	CN=DigiCert Global CA, OU=http://www.digicert.com/, O=DigiCert Inc,C=US
IMCertificateserialNumber	Serial Number	01 F9 4E 46 AA 3C 4C 9E BD 8F 2C (include spaces between octets!)

Look for this:


And based on this (where thumbprint is the certificate your CAS server uses for IIS)
Get-ExchangeCertificate -Thumbprint BJBHDS78FG6D8GFYH49SDF34TH9 | ft Issuer, SerialNumber, subject

Change to this:


The "subject" gives us the common name that we use in a bit to configure OCS.

Additionally, if your Issuer has funky characters, you need to replace them as they will break your web.config file, causing generic IIS errors. Just removing those characters will make for application event log errors that the certificate was not found in your certificate store.

Since the web.config is an XML file, and you need to use XML character special escapes

entity	character	meaning
"	"	(double) quotation mark
&	&	ampersand
'	'	apostrophe (= apostrophe-quote
&lt;	<	less-than sign
&gt;	>	greater-than sign

So if your SSL provider's issuer field causes you a problem here, this should help you work around it.


In Powershell, configure OCS:
Get-OWAVirtualDirectory -server SERVER | set-owaVirtualDirectory -InstantMessagingType 1

(The above line *did* say -InstantMessagingType OCS, but RTM documentation says 1 for OCS - thanks to Brian Day for this!)

Restart IIS (IISreset is fine)

On your OCS R2 Pool server, under the server properties of your pool, on the Hosts Authorization tab, you need to add the Client Access server. This can be FQDN or IP. If you use FQDN, OCS will additionally authenticate the FQDN against the certificate names - the FQDN here has to match the "subject" we found above (NOTE: Not the whole string, just the FQDN common name given in the subject) Additionally, you can choose to use FQDN and then use a hosts file to ensure that OCS is communicating with the correct server/IP.





Now I am able to log into OWA 2010 and get the light CWA client as well:


Upper right allows me to see and update my presence, as well as see how many IM conversations I have active and switch between them as well.

Exchange CAS and the DMZ

This is really just to promote this posting on the MS Exchange team blog, which highlights planning for Client Access Roles and why MS no longer supports the "front end" in the DMZ. I have had several customers that have configured Exchange 2003 and prior with their CAS in their DMZ, and while it makes for an overcomplicated firewall configuration it is supported, however, support for this ended with Exchange 2003, and Microsoft finally wrote up some very good talking points on why this is no longer supported in Exchange 2007 and 2010.

Exchange Remote Connectivity Analyzer out of beta!

More info at the MS exchange team blog!

Shawn and Brad work hard everyday on the RCA tool, taking input from Exchange administrators, consultants, and the product development and support teams to build a tool that will help anyone work through Exchange connectivity issues. Great tool, great guys, and they are really responsive. The newest updates (specifically the CAPTCHA) is a big win for everyone!

https://www.testexchangeconnectivity.com/

I also really like the ability to manually specify server settings. Great work guys!

Preparing for Exchange 2010 Client Access

One of the neatest features of 2010 is the ability to allow it to be the "front end" forms based authentication for all users. It can pass off the authentication and user to your legacy OWA server as well. You just need to configure your Exchange 2010 OWA virtual directory with the correct URL path:

Get-OwaVirtualDirectory -Server exch2010RC Set-OwaVirtualDirectory -Exchange2003Url "https://owa.swinc.com/owa"

Once that is configured, legacy mailbox users are passed off to the URL given (and are NOT re-prompted for authentication, either!)

Ways Outlook Web Access 2010 ROCKS - Part 3 of Many

Another single screenshot with multiple product feature notes.

• Although working in Exchange 2007 as well, the password change prompting is still awesome (if you are on Exchange 2003 or prior, web based password change was available, but additional configuration work)
  
• The filter by is an awesome way to sort and manage your inbox.
  
• There are no more sorting though "pages" of email in OWA. So one scrollbar that allows you to scroll past ALL email in a folder. (OK, Not quite pictured)

Outlook for Mac OS coming soon, Entourage EWS out now!

The previously known as Entourage EWS beta has evolved into Outlook for the Mac, coming Sept 15th, 2009.

Lots more info at:
http://www.microsoft.com/presspass/press/2009/aug09/08-13MacOutlookPR.mspx

If not paying for things is your bag, the Entourage EWS client is now publically available at:
http://www.microsoft.com/mac/downloads.mspx?link_name=downloads

I have a customer that just went SBS 2008 and have a lot of MacOS machines, and I am hoping this solves a few of their issues.

OWA 2010 and Mail Tips

One of the most impactful Exchange 2010 Client Access features are Mail tips. There's a lot more info and examples of what they can do at the MS Exchange Team blog here:

http://msexchangeteam.com/archive/2009/04/28/451193.aspx

You configure Mail Tips via Powershell. These are organization level changes. You can view them using Get-OrganizationConfig and configure settings using Set-OrganizationConfig.

Unfortunately, the Exchange 2010 documentation does not at this time have documentation for each of these fields, but this is the link in case this posting dates it self.
http://technet.microsoft.com/en-us/library/aa997443(EXCHG.140).aspx

MailTipsExternalRecipientsTipsEnabled		Default: False This enables Mail Tips for reply/all including an outside the organization user
MailTipsLargeAudienceThreshold		Default: 25 This is the limit at which the "large audience" mail tip is displayed. Larger organizations will likely want to bump this number North.
MailTipsMailboxSourcedTipsEnabled		Default: True This is what controls if an auto-response or out of office appears as a mail tip.
MailTipsGroupMetricsEnabled		Default: True This is the service that does group metric counts for groups and nested groups
MailTipsAllTipsEnabled		Default: True This is the main setting to enable/disable mail tips entirely.

Additional things to know

• MailTips only work on Outlook 2010 (not yet released) and OWA 2010.
  
• Unfortunately, custom logic mail tips are not available in the upcoming Exchange 2010 release. The above options are the extent of MailTip customization

Ways Outlook Web Access 2010 ROCKS - Part 2 of Many

Tonight I used Robin's Macbook Pro and Firefox to use OWA. Granted, I had to ask how to take screenshots, but I am a MS person, so it's not that shocking. It's REALLY refreshing to see the OWA experience carry through cross platform.

Ways Outlook Web Access 2010 ROCKS - Part 1 of Many

A few things on this single screen shot:

1. I am in Firefox
   
2. I just pasted my rich text format signature!
   
3. You can see from the URL that I am using /ecp, for Exchange Control Panel
   
   
   

Exchange 2010 New Exchange Certificate GUI Wizard

In Exchange 2007, certificates were a thing for powershell. I personally relied on www.digicert.com's CSR generator to build MOST of my certificates for customers to ease the pain of this. Apparently this hit Microsoft's radar and in 2010, this has been addressed with the certificate wizard. In the EMC, this is located at the root of the Server Organization (since a valid certificate can be applied to both HT and CAS activity, this makes the most sense.

Clicking on New Exchange Certificate, we are presented with a series of questions.

1. Friendly Name - this can be anything you want "Chris Lehr cert" to the same as common name to "Exchange 2010 test cert" - whatever helps you recognize it.
   
2. Domain Scope - One option here, do you want a wildcard certificate? If you do, you skip the next step.
   
3. Exchange Configuration - I will screenshot this because it is pretty impressive. You get to run through the different certificate needs, what you will use, and what names (internally and externally) will be used. This then builds the certificate request for you.
   
   

   
   

   You can pick and choose the names as you select items you decide to use.
   

4. Organization and Location - be sure to use information matching your domain registration for any externally facing domains. Also, you can specify the certificate request file path here.
   
5. Review Settings and complete.
   

We utilized www.Digicert.com for a SAN cert again, and when I imported the certificate request on their website, I noticed the cert request included several domain names for autodiscover of other domains we host (that we did not need autodiscover for) - this particular certificate vendor allowed us to remove names from the certificate before issuing to keep our cost down. Some other vendors add names NOT in your request. Some will only issue exactly what you ask for (and that your registrar administrators approve)

Exchange 2007 with Entourage 2008 will use EWS!

Finally!

Entourage users have been forced to use the "mostly" backwards compatible from Exchange 2003 WebDAV to do Exchange connectivity. In Entourage 2008 Beta, this changes to Exchange Web services.

From the Exchange team blog:

The Office for Mac folks over in the Mac Business Unit have announced availability of the public beta of Entourage for Exchange Web Services.

Exchange Web Services is a modern, robust protocol that enables client applications to communicate more efficiently with the server running Microsoft Exchange Server 2007 SP1 with Update Rollup 4 or later.

Besides saying goodbye to WebDAV, used by earlier versions of Entourage to access Exchange, Entourage users can now synchronize Tasks, Notes, and Categories with Exchange Server. Recipients can be resolved against the Global Address List (GAL) using EWS/HTTP, and improved AutoDiscover functionality to keep account settings up-to-date after setup.