Exchange Server Deployment Assistant–Now with Clouds & Cross-Premise

The Microsoft Exchange Server Deployment Assistant now supports Cloud and On-premise + Cloud deployments in addition to On-premise only. This is pretty exciting and will be a great boost to help those looking to upgrade to cloud or hybrid Exchange solutions.

You will need to have the Exchange 2010 CAS role on-premise to migrate or to set up a cross-premise deployment. For now only Exchange 2003 is live, with 2007 and 2010 to come soon.

Exchange Server Deployment Assistant:


The tool walks through setting up DirSync and ADFS 2.0 to support identity federation. So if you are considering Office 365, another hosted solution or just a plain old on-premise upgrade, head over to the tool.

On a related note, I am pleasantly surprised by the number of organisations I come across now using Microsoft Online Services, ranging from small to very large.

Daniel Noakes

Windows Media Format SDK for BES on Server 2008 without Desktop Experience

If you have installed BES on Windows Server 2008 you should have installed the Desktop Experience feature to install Windows Media Player and the Windows Media Format SDK 11 (WMFSDK11) runtime to support audio attachments.

If you have a requirement preventing the Desktop Experience feature being installed, you can run the following from an elevated command prompt.

Windows Server 2008 x64
pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.0.6001.18000.mum"

Windows Server 2008 x86
pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~x86~~6.0.6001.18000.mum"

Windows Server 2008 R2 x64
pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"

I suggest always installing the Desktop Experience feature. This should be run with elevated privileges, from a command prompt on Windows Server 2008 or from Windows PowerShell on Windows Server 2008 R2.

Windows Server 2008 (command prompt)
ServerManagerCmd -i Desktop-Experience

Windows Server 2008 R2 (Windows PowerShell)
Import-Module ServerManager
Add-WindowsFeature Desktop-Experience

Daniel Noakes

System Center Data Protection Manager 2010 QFE Rollup [KB 2250444]


A new hotfix rollup is available for DPM 2010 and has been published here. The support KB2250444 is here.

This hotfix rollup resolves the following issues:

  • You cannot protect the Microsoft Exchange Database Availability Group (DAG) on a secondary DPM 2010 server.
  • You are prompted to restart a client computer after you install an agent on the client.
  • DPM services crash, and you receive the error, "Unable to connect to the database because of a fatal database error."
  • MSDPM crashes, and event ID 945 is logged in the event log.
  • When you change a Protection Group, add a very large database, change the disk allocation, and then commit the Protection Group, DPM 2010 does not honor the user intent, and instead, DPM 2010 sets the sizes of replica and shadow copy volumes to the default sizes.
  • The Management tab does not link to information about the latest Microsoft Knowledge Base article for DPM 2010.
  • You receive the message, "Computers not synchronized," when you try to replicate DPM 2010 databases to a System Center Operations Manager.

I have encountered a few of these.

Daniel Noakes

BES 5.0.2 & Exchange 2010 SP1 /Hosting

Before installing BES for multi-tenant Exchange 2010 SP1 /hosting you should read the following resources. You should also have deployed Exchange 2010 SP1 RU1.
This is a work in progress (so I don’t forget), so please check back for updates and corrections. Feel free to add comments or give me your experiences. There is also a forum running here,
BES 5.0.2 & Exchange 2010 SP1 RU1 /hosting:
BESX 5.0.2 & Exchange 2010 SP1 RU1 /hosting:
Post installation there are some other changes to make.
There is an additional step to configure BES 5.0.2 to work without public folders:
To restrict lookups follow this guidance:
You may also want to consider using LDAP instead of MAPI to look up users; this will require a common attribute unique to users within each tenant organisation:
Using the above information, plus the standard installation guidance I have been able to install BES and add users.
Hopefully BES 5.0.3 will help us all out, maybe even an interim hotfix. I also recall that an MS update was required, but have a feeling this is included in Exchange 2010 SP1 RU1 - I could be wrong though.
Daniel Noakes

Exchange 2010 SP1 with BES 5.0.2

If you are deploying Exchange 2010 SP1 and have BES you should head over and read the Installation and Configuration Guide -

The guide covers most steps, including configuring BES to run without public folders. There is one additional step to allow BAS to retrieve user information, which is described in KB24470, Cannot add users to the BlackBerry Enterprise Server 5.0 in an environment that includes Microsoft Exchange 2010 SP1 -

The workaround for now is to set the CONNECT_IGNORE_NO_PF flag in the MAPI profile for the BlackBerry Mail Store Service in the following registry key.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BlackBerryServer\13dbb0c8aa05101a9bb000aa002fc45a

Locate the value 00036604 under that key and change its second byte to 80.

The examples provided are:

  • If the value is currently set to 04 00 00 00, change it to 04 80 00 00 (see screen shot for example)
  • If the value is currently set to 02 00 00 00, change it to 02 80 00 00

A restart of the BlackBerry Mail Store Service completes the workaround.
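
The byte edit described above, scripted in PowerShell as an added example (it is not from the original post or from the KB article). It assumes it runs in a session of the account whose HKEY_CURRENT_USER hive holds the BlackBerryServer MAPI profile; the function names and backup file are hypothetical, and it ORs 0x80 into the second byte, which gives the same result as the two examples in the post.

```powershell
# Added example: set the CONNECT_IGNORE_NO_PF bit (0x80 in the second byte) of value 00036604.
# The key path and value name come from the post; function names and backup file are illustrative.
$ProfileKey = 'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BlackBerryServer\13dbb0c8aa05101a9bb000aa002fc45a'
$ValueName  = '00036604'

function Format-Bytes([byte[]]$Bytes) {
    ($Bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
}

function Set-IgnoreNoPublicFolderFlag {
    param(
        [string]$KeyName    = $ProfileKey,
        [string]$Name       = $ValueName,
        [string]$BackupFile = (Join-Path $env:TEMP 'BlackBerryServer-00036604.bak.txt')
    )

    # Registry.GetValue returns $null when the key or the value does not exist.
    $current = [Microsoft.Win32.Registry]::GetValue($KeyName, $Name, $null)
    if ($null -eq $current) {
        throw "Value $Name not found under $KeyName. Is this the session of the account that owns the profile?"
    }
    if (($current -isnot [byte[]]) -or ($current.Length -lt 2)) {
        throw "Value $Name is not a binary value of at least 2 bytes; refusing to modify it."
    }

    [byte[]]$bytes = $current.Clone()
    $before = Format-Bytes $bytes

    # Idempotent: do nothing if the flag is already present.
    if ($bytes[1] -band 0x80) {
        return "Already set, nothing changed: $before"
    }

    # Record the original bytes so the change can be reverted by hand.
    Add-Content -Path $BackupFile -Value ("{0}  {1}\{2} = {3}" -f (Get-Date -Format s), $KeyName, $Name, $before)

    # 04 00 00 00 becomes 04 80 00 00; 02 00 00 00 becomes 02 80 00 00.
    $bytes[1] = [byte]($bytes[1] -bor 0x80)
    [Microsoft.Win32.Registry]::SetValue($KeyName, $Name, $bytes, [Microsoft.Win32.RegistryValueKind]::Binary)

    # Read the value back to confirm what was written.
    $after = Format-Bytes ([byte[]][Microsoft.Win32.Registry]::GetValue($KeyName, $Name, $null))
    "Changed $before -> $after (original saved to $BackupFile)"
}

Set-IgnoreNoPublicFolderFlag

# Afterwards restart the service named in the post. The display name below is assumed
# to match the installed service exactly:
#   Restart-Service -DisplayName 'BlackBerry Mail Store Service'
```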

Daniel Noakes

Remote Desktops MMC - Remote Server Administration Tools for Windows 7

If you like the Remote Desktops snap-in and are running Windows 7 you will need to download the Remote Server Administration Tools for Windows 7 from

After it has been installed you can turn the feature on.


Daniel Noakes

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930): November 9, 2010

A critical vulnerability for Outlook has been reported. It appears to affect all Outlook versions, including Outlook 2011 for Mac and Entourage.

A specially crafted RTF email message, when previewed or opened, could allow an attacker to gain the same rights as the logged on user. If you have followed best practice and segregated administrative roles out, the risk is somewhat reduced.

Microsoft have recommended applying the update immediately.

BES Express for Microsoft Exchange 5.0.2 MR 1

If you are using BES Express for Exchange Server you should check out, BlackBerry Enterprise Server Express for Microsoft Exchange Version 5.0 Service Pack 2 Maintenance Release 1.

This maintenance release should be tested and installed on to computers hosting BES Express, BlackBerry Administration Service, BlackBerry Attachment Service, BlackBerry MDS Connection Service or the BlackBerry Router.


Fixed Issues

“(DT 838289) In the initial release of BlackBerry® Enterprise Server Express 5.0 SP2, users with BlackBerry® devices running BlackBerry® 6 are not able to browse to their organization's intranet sites. This occurs because BlackBerry 6 handles browser transport selection using a different method than previous versions of the BlackBerry® Device Software.”

“In BlackBerry Enterprise Server Express 5.0 SP2 MR1, the MDS Browser Domains IT policy rule has been added. You can use this IT policy rule to specify the domain of your organization's intranet sites. After you apply the IT policy to BlackBerry devices, users with devices running BlackBerry 6 can browse to the domains that you specified.”

Using Autodiscover During a Migration

I came across the Autodiscover and Migration Issues post on the Blog. It discusses a few options for working around Autodiscover issues when migrating between Exchange Orgs, typically to and from Hosted providers.


For some time now I have been using another method, which works very well and is great for longer term co-existence.

The Procedure

1. Set up DNS (private and public) for a sub domain on target Exchange Org and mailboxes. E.G.;; and

2. Migrate the data.

3. Convert to a Mail User (strip the mailbox, retain proxyaddress etc) in the source Exchange Org.

4. Add the targetaddress (“External E-mail Address”) and proxyaddress to in the source Exchange Org.

This works because Autodiscover will fail on SCP records, but continue with other steps until it uses the targetaddress and will successfully connect to


Below: Outlook 2010 using Autodiscover to resolve an on-premise AD user to a Hosted Exchange mailbox.



Below: Outlook 2010 configuration complete, resolved to Hosted Exchange.



It is often easier to script this, and working with the right suppliers this can be done. Both Cobweb and have APIs available which we can use to automate most of the work. Combined with taking multiple passes (initial + delta), this results in minimal disruption to end users.
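
Steps 3 and 4 of the procedure scripted for one user, as an added example that is not from the original post or from either supplier's API. It assumes the Exchange Management Shell in the source org, that the data has already been migrated, and a placeholder target address such as jsmith@hosted.example.com; the function name is hypothetical.

```powershell
# Added example: convert a migrated mailbox into a mail user that points at the target org.
function Convert-MailboxToForwardingMailUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        # Address in the target org's sub domain (placeholder: jsmith@hosted.example.com)
        [Parameter(Mandatory = $true)][string]$TargetAddress
    )

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop
    $dn  = $mbx.DistinguishedName

    # Capture the existing proxy addresses first: disabling the mailbox clears them.
    $proxies = @($mbx.EmailAddresses | ForEach-Object { $_.ToString() })

    # Assumption for step 4: the target address is also kept as a secondary proxy address.
    $targetProxy = "smtp:$TargetAddress"
    if ($proxies -notcontains $targetProxy) { $proxies += $targetProxy }

    if (-not $PSCmdlet.ShouldProcess($dn, "Convert mailbox to mail user targeting $TargetAddress")) {
        return
    }

    # Step 3: strip the mailbox and mail-enable the same AD user.
    Disable-Mailbox -Identity $dn -Confirm:$false -ErrorAction Stop
    Enable-MailUser -Identity $dn -ExternalEmailAddress $TargetAddress -ErrorAction Stop | Out-Null

    # Step 4: put the original proxy addresses back and stop the email address
    # policy from rewriting them.
    Set-MailUser -Identity $dn -EmailAddressPolicyEnabled $false -EmailAddresses $proxies -ErrorAction Stop

    # Return the result so the caller can check targetAddress and proxy addresses.
    Get-MailUser -Identity $dn | Select-Object Name, ExternalEmailAddress, EmailAddresses
}

# Dry run first; remove -WhatIf to apply.
# Convert-MailboxToForwardingMailUser -Identity 'jsmith' -TargetAddress 'jsmith@hosted.example.com' -WhatIf
```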


With Exchange 2010 SP1 Hosting editions beginning to appear all of this will be taken care of natively with the addition of remote PowerShell using New-RemoteMoveRequest and user federation.

Outlook 2011 for Mac

Having played with Outlook 2011 and the rest of Office for Mac I must say I am impressed over the 2008 editions. There is not the seamless feel between Windows and Mac I had hoped for.

I have already come across one slight niggle when setting up Outlook 2011 with Exchange Server; this has already caused a number of support cases. The User Name section suggests entering DOMAIN\SOMEONE, however depending on Exchange Server configuration this may need to be as it is with Cobweb.


I really like the delegation section, which is very simple and clear.

If you would like to test it with Exchange Server contact Cobweb and we can help you out with a mailbox.

Easy Migration from Google Apps to Hosted Exchange

We use almost exclusively for on-boarding (and when the need arises off-boarding) mailboxes to the Cobweb Hosted Exchange service. I have previously blogged about this, but it makes everything a lot simpler and overcomes a number of hurdles traditional on premise or PST migrations will encounter. Our customers have noticed and often comment on how smooth the whole process is.

A sticking point has been migrating from non-Exchange servers such as Google Apps where user credentials must be supplied for each mailbox. They have a fantastic password gathering service, which although secure has raised questions about sending users to a “new” web site requesting passwords. Well, this is no more thanks to a new addition on enabling use of the Google Apps OAUTH domain key and secret to access mailbox data.

For more information on visit the wiki, How do I migrate from Google using administrative credentials?

If you want someone to manage the migration for you and are looking for a Hosted Exchange provider head over to If you fancy migrating yourself, all Cobweb Hosted Exchange settings are already loaded in to the provider list on

Feel free to drop me a message if you need any other advice.

Entourage 2008 Autodiscover.xml and SSL Error

The Mac OS X operating system with Entourage 2008 messaging client may exhibit the following behaviour if the client Autodiscover lookup for can be resolved, but is not an Exchange Server Autodiscover file.

Unable to establish a secure connection to because the correct root certificate is not installed



This seems to occur when the web server hosting has an untrusted or incorrect SSL certificate and the file is accessible, but not in the correct format for Exchange Server Autodiscover.


The following solutions could be used to work around this:

· On the web server prevent resolution of to a file.

· On the web server hosting install a valid SSL certificate from a public CA. Set a redirect on to hosted on the Exchange Server CAS role.


Where the above is not possible the following could be used:

· Set local hosts entry in the Mac OS X operating system for to resolve to (Note: this will prevent browsing to  from the computer)

ASP.NET Vulnerability, and Exchange Server - Microsoft Security Advisory 2416728

A new security notification regarding the ASP.NET vulnerability has been posted,

The Exchange team are recommending that you test and deploy this fix for affected servers,

Hosted Exchange 2010 Migration Guidance

In August I blogged about the Hosting Deployment Guide for Exchange Server 2010 SP1 Beta, which was really just an incomplete CHM file.

The Microsoft Hosting Partner Technical Advisor Blog has a new post, Hosted Exchange 2010 Migration Guide. Download the ZIP file to get conceptual architecture, migration overview, migration guidance, HMC specific migration guidance and sample scripts to support your move to an Exchange 2010 SP1 Hosting forest.

You have a few standard requirements and limitations, but you will have to upgrade your control panel or services behind it. You may choose in house development, or join the increasing numbers of hosting providers outsourcing control panels to Ensim or Parallels.

Update Rollup 1 for Exchange Server 2007 Service Pack 3

If you missed it, Update Rollup 1 for Exchange Server 2007 Service Pack 3 was released last Thursday (09/09/2010).

Download, test and deploy.

Manage OWA Signatures Using PowerShell

I recently rediscovered the Set-MailboxMessageConfiguration cmdlet, which can be used with -SignatureHTML or -SignatureText to set a mailbox signature in OWA/ECP. There are plenty of tools out there to do this, my favourite being Exclaimer Signature Manager, but hey we can do this for free.

I created an HTML file for each mailbox with the signature and used PowerShell to set them.

# Each mailbox gets the signature stored in C:\signatures\<alias>.html
$mailboxes = Get-Mailbox
$mailboxes | foreach { $file = "C:\signatures\" + ($_.Alias) + ".html"; Set-MailboxMessageConfiguration -Identity $_.Alias -SignatureHtml "$(Get-Content -Path $file -ReadCount 0)" }

This is useful for me as I have lots of work on with OWA only organisations at the moment. With the Exchange Server 2010 Hosting Edition (multi-tenant) providers may choose to expose Remote PowerShell so a tenant administrator could run this remotely.

I’m planning to expand this further with a simple WYSIWYG editor hosted on SharePoint to allow the Cobweb marketing department to build or upload a template, a service to pull information from AD and update both OWA and Outlook.

It would be cool to see this type of functionality making it in to some SharePoint/ECP hybrid in a future Exchange release.

Test-ExchangeUMCallFlow - Unified Messaging Troubleshooting Tool

Microsoft have released the Unified Messaging Troubleshooting Tool, which uses some new cmdlets to help configure testing and diagnose configuration errors with call answering and voicemail.

Whether the solution is on-premise or cross-premise, uses OCS R2 2007 or MCS “14”, the cmdlet will emulate and run diagnostic tests in telephone, UM 2010 SP1 and cross-premise deployments. You end up with some useful information in the form of a cause and possible solutions.

Download it here,

OCS 2007 R2 July 2010 Cumulative Update

Can you believe July is nearly over? Microsoft have released a wave of OCS 2007 R2 cumulative update packages for OCS Server, Communicator and Group Chat.

OCS 2007 R2 Server

OCS 2007 R2 Database

Communicator 2007 R2

Communicator Phone

Group Chat Server

Group Chat Client

Group Chat Admin

Windows Mobile: Activate IRM

Using Windows Mobile Device Center end users can activate Information Rights Management on compatible Windows Mobile devices. Before this can happen a simple change needs to be made.

Go in to: Mobile Device Settings > More > Connection Settings.

Change “This computer is connected to: Work Network”


The Activate IRM action will then work as long as the user can authenticate to the RMS using their domain account from their PC. Upon opening the first IRM message the user will need to authorise against the RMS, so should be connected to corporate Wi-Fi or connected by USB.



Hosting Deployment Guide for Exchange Server 2010 SP1 Beta

Microsoft have released the Hosting Deployment Guide for Exchange Server 2010 SP1 which is the first of many services to break away from the HMC and MPS deployment and provisioning model. Multi-tenant capabilities are now built directly in to AD and Exchange, although there are some limitations such as the removal of public folders and no access to ECP for tenant organisations.

Despite some limitations this is the product many hosters and carriers have been waiting for, as until Exchange Server 2010 SP1 Microsoft have not provided guidance or support for multi-tenant Exchange Server 2010. The really good news for me is this opens up the doors to more complex cross-premise deployments where the customer has Exchange in-house and in the Cloud(s).

A couple of warnings about the /hosting install.

1. You must deploy in a new forest where Exchange Server has not been installed previously.
2. There is no GUI for /hosting; you must install from the command line using /hosting and manage the service through PowerShell. This makes sense as the current Exchange GUI won’t display multi-tenant organisations in a hierarchy, and it also prevents simple changes being made outside of automated provisioning.
3. Resource forest type scenarios still have limitations.

If you are interested head to to download SP1, remember to use /hosting.

While that is installing start reading through the guidance provided here,

I have been testing /hosting in the lab for a few months now and we still have a journey to complete before /hosting will make it in to the Cobweb production platform. I imagine we will start to see the hosting editions, led by BPOS, gaining new and updated features through regular smaller releases.

Happy Hosting


Exchange mailbox moves made easy – Exchange 2010

The Exchange Team blog has a great post on the differences in mailbox moves between Exchange 2007 and 2010 here It covers some of the services used (MRS) and how CAS plays its role, plus a load of other stuff.

I really like that from Exchange 2007 we can do online moves which only require a <30 second outage to the end users. This means that we can move our entire Hosted Exchange 2007 platform to 2010 during the day, without causing downtime to our customers.

I’m quite a fan of the resiliency built in to this now and that you no longer have to leave a PowerShell window or GUI open. An exciting addition is the simplicity of cross-forest moves; this makes the task of on-boarding/off-boarding for our customers so much easier.

I’m not going to repeat the blog post so head here to read it.


Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange

Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange was released a few weeks ago over at

I’ve been testing with the build of Exchange Server 2010 SP1 that we run in production and haven’t had any problems with it.

Get the update:

Email data migration –

If you are familiar with the pain that can come when migrating mailbox data between servers you will appreciate

It is a cloud service charged per mailbox that can hook in to Exchange, Gmail, Hotmail, IMAP and other mail servers and import directly to Exchange Server 2007/2010. It takes care of a lot of work for IMAP migrations such as securely gathering user credentials.

I really like the simple dashboard showing the state of the migration. I also like the option to take multiple passes at a mailbox and being able to filter on date ranges.


Configuration is simple.

1. Enter source server OWA/IMAP address
2. Enter destination Exchange OWA address
3. List mailboxes to migrate, then either it will handle credential gathering or you can specify a super user with access to all mailboxes.
4. Press GO and monitor.


Migrating to Exchange Server 2007/2010? Let me help you.

If your organisation is looking to upgrade an email solution to Exchange Server 2007 or 2010 I may be able to help.

Please feel free to contact me, even if you just want to run through some ideas for your own in-house migration. I’m not a sales person and promise not to try to sell anything. I will just mention now though, a full Exchange Server mailbox (Outlook access, ActiveSync, OWA, Public Folders, etc) starts at £3.29 per month and the number of mailboxes can grow and shrink as you do.
01329 242544

I have been at Cobweb since 2003 and we have been deploying, managing and migrating Exchange mailboxes since 2001. Between us we have Exchange MCSE(2003), MCITP (2007/2010) and MVP awards, add to this our 4000+ customer base and that adds up to a lot of successful deployments and migrations under our belts.

No matter what email solution you currently deploy we can help get you on to Exchange Server, whether that be our hugely successful Hosted Exchange platform or a dedicated Exchange deployment for your organisation. We successfully completed migrations for organisations ranging from 5 to 4000+ mailboxes, which can be staged over a period of time if required.



Windows Phone Live - MyPhone for Windows Phone 7

Windows Phone Live is the Windows Phone 7 replacement for MyPhone used with Windows Mobile. Good news is it's much better, comes with 25GB of SkyDrive and best of all it is all free.

Rather than spout loads of information it is covered here,


Exchange 2007 + 2010 forwarding

I had the need to enable forwarding for large batches of users to an external domain in one go. I came up with this.

1. Create a CSV file containing UPN and external email address.


2. Create a PowerShell script using the following.

# Forwarding.csv needs the column headers UPN and EmailAddress
Import-Csv Forwarding.csv | ForEach-Object { New-MailContact -Name $_.EmailAddress -ExternalEmailAddress $_.EmailAddress }
Import-Csv Forwarding.csv | ForEach-Object { Set-MailContact -Identity $_.EmailAddress -HiddenFromAddressListsEnabled $true }
Import-Csv Forwarding.csv | ForEach-Object { Set-Mailbox -Identity $_.UPN -ForwardingAddress $_.EmailAddress -DeliverToMailboxAndForward $false }
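
A follow-up check for the batch above, as an added example that is not from the original post: it compares each row of Forwarding.csv with what the mailbox actually forwards to, then lists every mailbox in the org that forwards, so forwarding that was not part of the batch stands out. The function names are hypothetical; the cmdlets are the standard Exchange Management Shell ones.

```powershell
# Added example: verify the forwarding batch against Forwarding.csv (columns UPN, EmailAddress).
function Test-ForwardingBatch {
    param([string]$CsvPath = 'Forwarding.csv')

    Import-Csv $CsvPath | ForEach-Object {
        $row    = $_
        $mbx    = Get-Mailbox -Identity $row.UPN -ErrorAction SilentlyContinue
        $actual = $null
        $keeps  = $null

        if ($mbx) {
            $keeps = $mbx.DeliverToMailboxAndForward
            if ($mbx.ForwardingAddress) {
                # ForwardingAddress references the contact; resolve it to its external address.
                $contact = Get-MailContact -Identity "$($mbx.ForwardingAddress)" -ErrorAction SilentlyContinue
                if ($contact) {
                    $actual = "$($contact.ExternalEmailAddress)" -replace '^smtp:', ''
                }
            }
        }

        New-Object PSObject -Property @{
            UPN            = $row.UPN
            Expected       = $row.EmailAddress
            Actual         = $actual
            KeepsLocalCopy = $keeps
            Matches        = ($actual -eq $row.EmailAddress)
        }
    }
}

# Every mailbox that forwards, whether or not it was in the CSV.
function Get-ForwardingMailbox {
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.ForwardingAddress } |
        Select-Object UserPrincipalName, ForwardingAddress, DeliverToMailboxAndForward
}

# Rows that did not apply as intended:
Test-ForwardingBatch | Where-Object { -not $_.Matches } | Format-Table UPN, Expected, Actual, KeepsLocalCopy

# Full list for review against the CSV:
Get-ForwardingMailbox | Format-Table -AutoSize
```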


Exchange Server Pre-Deployment Analyzer

If you are planning to deploy Exchange 2010 I recommend you run the Exchange Server Pre-Deployment Analyzer to perform a readiness check of your environment, not just the server.

There is a post from the Exchange team about it here,


Additional UPN Suffix in AD\Exchange 2007

While planning an Exchange migration, alongside a separate AD forest migration, I had the requirement to assign an additional UPN suffix to users without adding it to the forest. To complicate things further this only needed to be available to mailboxes in a certain OU.

The solution is to add to the uPNSuffixes attribute using ADSIEdit on the OU in question.


When creating a user/mailbox now using ADUC or the Exchange management console I can choose ‘’ as the UPN suffix, rather than a domain added at the AD forest level.




Gmail gets ActiveSync policies and wipe

I'm Exchange Server through and through, yet I still use Gmail for my personal account. The other day I was forced to re-sync my Windows Mobile and I have now discovered why: Google have added the ability to set security policies on ActiveSync devices (WinMo, iPhone, etc) and remotely wipe them. Cool!

If you are a Google Apps Premier or Education customer head over to,


Yay! MCITP: Enterprise Messaging Administrator 2010

I got an email through today confirming I have passed the Exchange 2010 PRO exam beta and have now achieved MCITP Enterprise Messaging Administrator 2010 certification. :D

The PRO exam is available from today and you can find out about it here,

If you haven't taken the TS yet find out about it here,

The Exchange 2010 certification hasn't appeared on the MCITP page just yet,


Whitepaper: Security in BPOS

Found this whitepaper from Microsoft about how they do security in the cloud with BPOS,

It's an interesting read for those new to cloud services, however having worked in a company that has been doing this for 8+ years with Hosted Exchange I know this case well. If you fancy a chat about security and reliability in the cloud, why not visit or call us on 01329 242500.


Office Communications Server 2007 R2 services stuck at 'Starting' with Server 2008

I found this over at Aaron Tiensivu's Blog and found it quite interesting.

"A few months ago I detailed about a problem with OCS services not starting after a reboot, a general loss of network connectivity during boot and the inability to RDP to those servers once this scenario was triggered.

I bumped into a new article from a Paul Adams at MS that has a handy PowerShell script to add in the workaround for the deadlock problem. It is also noted, just from general banter on the Internet, forums and newsgroups, that the OCS servers involved are typically HP servers that used the SmartStart CD for installation. It could be that HP agents, drivers or services added to the base OS are causing this issue to flare up. Any OCS servers I have seen, so far, that had this problem were from HP.

The PowerShell script can be downloaded from here, and it refers to an earlier post by the same author detailing the technical reasons as to why and how it can happen. Ideally, I'm hoping a more generic/official fix for it becomes available from Microsoft at some point for the OS. OCS unfortunately is just a possible trigger for this issue, and the issue comes from the underlying operating system."

Read the post at his blog here,


Exchange 2010 Deployment Assistant update

There are some new upgrade scenarios over on the Exchange 2010 Deployment Assistant. It's worth the time running through.

GroupWise gets Active Sync

If you use GroupWise there is a beta ActiveSync connector available.