Archive for the ‘Exchange’ Category

@#$@#%#$% Gmail has blocked me!

you’ve had an “event” on your email server and now you’re on all kinds of RBLs. You get yourself off all the bad guy lists, but google is still blocking you with a message that looks something like this:
550-5.7.1 [x.x.x.x] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to

or #5.5.0 smtp;550-5.7.1 [x.x.x.x] Our system has detected an unusual rate of ……

And you find that google doesn’t have a way to get yourselves off their list. Can you say 1-800-wedontgiveadamn? There is an I can’t send mail to you guys form that you can fill out here: but don’t hold your breath.

The one thing you CAN do, however, is make sure you have an SPF record setup on your sending domain. If you don’t have one setup, setting one up will almost instantly release the block by Google.

To setup an SPF record, simple add the following txt record under a host id of @.
v=spf1 mx ptr ip4:x.x.x.x ~all

And then tell everyone that google is the new evil empire (along with apple and microsoft).


Restoring Exchange 2003 from a remote Backupexec 9.1 server

So this seems like it should be a fairly straight forward task.  I mean there are a ton of BE backups going on every day and a ton of exchange backups in those.  And I seriously doubt that all of the backups are running from the exchange server (unless it an SBS - but that’s a totally different animal).  But documantation and gotchas are seriously lacking here.  So, follow the bellow exactly!  Do not skip anything otherwise you will go directly to jail and will owe $200.
1)  Install the base OS.
 a) Do a parallel install or scratch install to a folder that is NOT c:\windows on the server to be restored

 2)Install the BE remote agent on the exhcnage server and make sure it is running!
 IMPORTANT!  Don’t forget this - bad things happen!

3) Restore the remote server OS from the BE server.
 Only include the C:, D: volumes and system state. Do NOT include the exchange stores.
 Before restarting, edit the Boot.ini to add back the parallel install.  IMPORTANT because it’s likely the restore will munch one or more of the drivers

4) If the server does not restart, it’s probably the video driver.
 restart in safe mode, then reinstall the correct video driver - even if it says it’s already there.

5) Once successfully restarted, start the Exchange store.
 Make sure the stores are dismounted
 In the store properties, check the setting to allow restore.

6) restore the exchange store from BE.

7) there may be misc stuff to cleanup but it should be mostly good to go.
what can happen???

If you forget to install or don’t have the remote agent running on the remote server, BE will restore the system state to the local server!  No shit!
It won’t tell you it did that - it will only fail on the volume restores but say the system state was successful.  If you see something like that - DO NOT REBOOT!�
Immediately restore the local system state from BE.  If you screwed that up, then you’ll need to do a parallel OS install.�
You will need to remove (or rename the existing MSSQL$dackupexec instance and make sure when you install BE, you install to a different directory.
Unless you want to recatalog the tape (yikes!) copy all of the *.ui1 files from the backupexec/nt/catalog folder to the new install.
Then, you will need to service pack the OS up to the level the orginal server was.  Then restore in Directory Restore mode and restore the system state.  Oh, and you have to restore the entier C: volume along with the system state to get your registry and SAM back.  Otherwise it will fail to restore with a cryptic error (eventhough it lets you select only the system state - how lmae is that??)


No Comments

Vista, Outlook 2007 and RPC over HTTP

Ok, here’s a fun little tidbit.  You’ve been setting up Outlook 2003 and 2007 to operate remotely over HTTP for quite a while now.  You even think you know what you are doing!  And then along comes a problem out of the blue that makes no sense.  After all, you’ve done this lots of times before.  Here’s the situation…. Outlook 2007, Vista, RPC over HTTP, AND self signed certificates.  and the error message is: “Outlook is unable to connect to the proxy server ….” and ends with “(Error code 8 )”.  You, being a smarty pants, realize that you probably forgot to install the certificate.  So, you go ahead pop open IE, go to your OWA page, click on the cert warning and install it - click, click, click, done.  Something you’ve done a thousand times right?  You try Outlook again and - dang it! It still doesn’t work!  Same error.  WTF?  Well, what happened is that Vista puts your self signed cert in the Intermediate category (one of those clicks told IE to put it in the default category) and Outlook 2007 needs the cert to be in the Trusted Root category.  Picky, picky, picky.  Solution?  Watch where you install the cert to when you install it!  But if you already messed that up, then open MMC, add the cert snapin for personal use, then drag the cert from the intermediate folder to the trusted root folder.  Bang done, Outlook 2007 works!  So, now you ask: “Why does MS need to go around messing with stuff like this????”   Ah, now if I had the answer to that!!!!…..


No Comments

Outlook Cached Mode Is Greyed Out!

Ok, so you or someone you know and love has been messing around with disabling chached mode and/or offline folder file settings.  Lots of reasons to do this, and lots of reasons to un-do this.  Doing it is pretty easy through customizations and/pr group policies.  Un-doing it is a pain.  So here’s the secret….  Ready….  You need to hack the registry!  Surprise Surprise.  Ah, but what to hack????  Simple.  Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\xx.0\Outlook\OST  (where xx is your current outlook version - YES this works for lots of versions) and simply delete the NoOST value.  Restart outlook (or start it as you shouldn’t have had it started in the first place) and whala! you can not reset your happy little cached mode thingy.  For those of you that are really interested in what the values in NoOST mean….

  • 0—An offline store is set up by default and used for calendar caching. You can enable offline access and use the offline store. This is the same as the absence of the OST key and NoOST entry.
  • 1—An offline store is set up by default and used for calendar caching. You can’t enable offline access and use the offline store. The options on the Microsoft Exchange Server Properties dialog box aren’t available.
  • 2—An offline store isn’t set up by default, and you can’t enable offline access and use the offline store. The options on the Microsoft Exchange Server Properties dialog box aren’t available.
  • 3—An offline store isn’t set up by default, and you can’t enable offline access and use the offline store.

There - aren’t you glad you read on!

 I didn’t think so.



1 Comment

Setting up a Moto Q to Exchange 2003

1) Install Activesync 4.2 or higher on the desktpo computer, connect the cable, establish the partnership and sync away.

2) To setup Over The Air synching, you will need to get the cert installed is it’s not a public cert.  Most MotoQs seem to come with this capability locked.  Here’s one tool for installing the cert anyway: Here’s another way:  You will also need to have the user’s ID and password to do this.  Oh, and I’m assuming that you aren’t an idiot and have already installed a cert and setup OWA to use HTTPS - Exchange uses the same cert for OMA (Outlook Mobile Access) which is where smartphones go to sync.


No Comments

Enabling Password Change in OWA 2003

So why doesn’t Microsoft allow you to change your password in OWA?  Now that’s a very good question.  but Hey, it’s Microsoft - wadayaexpect?  anyway, here’s how to do it start to finish.  Including allowing users with expired passwords to change them.  Yep, that’s right there’s extra stuff to allow that.

I) Assuming you’ve already setup an SSL cert for the site… we need to setup a new virtual directory for the password change forms.

  1. Open Internet Information Services Manager from the Administrative Tools.
  2. In IIS Manager expand SERVERNAME (Where SERVERNAME is your server name object), expand Web Sites, and then expand Default Web Site.
  3. Right-click Default Web site and choose New, then select Virtual Directory.
  4. In the Welcome screen click Next.
  5. In the Virtual Directory Alias window type Iisadmpwd. Click Next.
  6. In the Website Content Directory screen navigate to %Systemroot%\System32\Inetsrv\Iisadmpwd. Click Next.
  7. In the Virtual Directory Access Permissions grant Read, Run Scripts and Execute permissions. Click Next.
  8. Click Finish.
  9. Change the Application Pool to ExchangeApplicationPool otherwise you’ll get permissions problems.
  10. See that the new Virtual Directory is listed in the folder list on the right-pane of the IIS Admin console.

II) Now we actually have to enable the change password button inside OWA.  You can do this with a registry hack but the best way, I think, is to download a little gem called OWAADMIN from MS.  Use this tool to not only to enable changing passwords, but you can putz with all sorts of other mildly useful OWA settings as well.  Oh, BTW, here’s the registry key just in case… KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA - Create a new Dword DisablePassword and set it to 0.

III) Now, we need to fix the change the password when it’s already expired problem.  To do that, we need to download the IIS Resource Kit from MS and install it on the exchange server.  After the resource kit has been installed, run the utility called ‘Metabase Explorer’. This will open a ‘windows explorer’ type window that allows you to browse your IIS metabase configuration.In the tree in the left-hand window, find the ‘W3SVC’ entry, and select it in order to display the settings in the right-hand pain.Locate the setting ‘PasswordChangeFlags’ (You can alphabetize the list by name to make it easier to locate the setting)

If the setting is not ‘0’~
Double click on the ‘PasswordChangeFlags’ setting and change the value to ‘0’. (zero)

Close the IIS Metabase Explorer, and restart the web-site that contains the IISADMPWD virtual directory. (it should not be necessary to restart the WWW or IIS services, only the web-site).

IV) The last thing to do is to fix the Object requried error you get when you actually try to change the password when it’s already expired.  To do that we need to register a DLL that MS somehow forgot about.  

regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll


There, now wasn’t that easy???

No Comments