RE: Setting up RPC-HTTPS
Sorry Kurt, I was not suggesting that you were incapable of following, merely validating that they have worked for me just following those..with a slight hint of..check for fat fingering. Also did you add the blank line at the end of the registry file when you copied and pasted the reg keys? On all of mine I have the default website selected for require ssl, but I do know many situations where that is not the case. And they force a redirection to https://fqdn.com/exchange Let us know what the event logs turn up. Greg -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:35 AM To: MS-Exchange Admin Issues Subject: Re: Setting up RPC-HTTPS On 1/24/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Kurt, I have followed the amset dozens of times and petri at least that many. Works perfectly each time unless I fat finger something. That's something I'm perfectly capable of, and do many times a day. Heh. I assume on the DC you selected in the name you have the RPC Proxy installed. You have confirmed the perms on the IIS for it. Have you confirmed the ssl cert is enabled for the rpc in iis under the site you have the ssl cert installed on. No, the RPC Proxy is on the Exchange server. I've selected Properties for the RPC virtual directory, and under Directory Security/Secure Communications, both Require secure channel (SSL) and the sub-checkbox Require 128-bit enryption are selected. However, in review, I note that the same is not true for the web site itself. Should that be selected? I don't think so, but am not expert in that. If the RPC server you specify in Outlook is not matching the certificate name you installed then it will not connect over RPC. IF you ping the external name of the cert does it resolve internally to your Exch server. If not fix that with DNS then try it. DNS is fine - it resolves both internally and externally, with split DNS. Are there any event logs in the DC or the Exchange server when you attempt to connect? Gad - that's something I'll have to check tomorrow. BY chance do you have Sharepoint Services or Server running on the Exchange server or the DC? If so have you excluded the rpc virtual directory path from SP. If not SP takes over and ruins your life.. A common issue with the error from RPCping, Client is not authorized to ping RPC proxy None of that in our environment. However, we do still have ADC running, for our old Exchange 5.5 servers. Kurt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Exchange OWA Front End Options
I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Isa does the FBA Auth for you and can use many Auth methods between itself the exchange box. It also publishes http/rpc securely. In fact it publishes all of exchange's services securely. S -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Front end security is something that if someone decides to attack OWA they aren't able to attack my Exchange box directly, they will only be attacking the device that authenticates you then passes you off to the actually web server on the exchange box. -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:41 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options SSL Explorer is free and easy to use. But I'm not 100% sure what you mean by front-end security. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Delivery reciepts in Chinese
Unfortunately, no. I've been squeezing turnips around here pretty hard already, just to afford the Exchange upgrade from E2000. I did find a forum post that was somewhat helpful at http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1793976SiteID=17 I've tried the workaround listed there, but it doesn't seem to be helping. I don't know if MS killed the workaround with SP1, if I need to bounce the server, or if I just need to tell people to click forward to read them. Steve -Original Message- From: Kent, Larry CTR USA IMCOM [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:34 AM To: MS-Exchange Admin Issues Subject: RE: Delivery reciepts in Chinese Is updating the clients to either outlook 2003 or Outlook 2007 feasible? -Original Message- From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:24 PM To: MS-Exchange Admin Issues Subject: RE: Delivery reciepts in Chinese Thanks. I'm not sure if that's related to my problem, but I'm grasping at straws. I have discovered one more wrinkle. Internal delivery reciepts are fine. It's only those from outside the company that are displayed in Chinese. A new Outlook profile didn't help. Steve -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:11 AM To: MS-Exchange Admin Issues Subject: Re: Delivery reciepts in Chinese http://www.petri.co.il/reset_mailbox_language.htm On Jan 25, 2008 2:05 PM, Steve Hart [EMAIL PROTECTED] wrote: Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Setting up RPC-HTTPS
One of my favorite actors once had this line: Life is tough. Life is tougher if you're stupid. I actually had everything server-side working correctly. My client-side setup and testing was awry, because I was completely blind, and was using NTLM auth, instead of Basic. Once I spotted that, I was done. Immediate success. Halle-freaking-lujah! Kurt On Jan 25, 2008 4:02 AM, [EMAIL PROTECTED] wrote: Sorry Kurt, I was not suggesting that you were incapable of following, merely validating that they have worked for me just following those..with a slight hint of..check for fat fingering. Also did you add the blank line at the end of the registry file when you copied and pasted the reg keys? On all of mine I have the default website selected for require ssl, but I do know many situations where that is not the case. And they force a redirection to https://fqdn.com/exchange Let us know what the event logs turn up. Greg -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:35 AM To: MS-Exchange Admin Issues Subject: Re: Setting up RPC-HTTPS On 1/24/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Kurt, I have followed the amset dozens of times and petri at least that many. Works perfectly each time unless I fat finger something. That's something I'm perfectly capable of, and do many times a day. Heh. I assume on the DC you selected in the name you have the RPC Proxy installed. You have confirmed the perms on the IIS for it. Have you confirmed the ssl cert is enabled for the rpc in iis under the site you have the ssl cert installed on. No, the RPC Proxy is on the Exchange server. I've selected Properties for the RPC virtual directory, and under Directory Security/Secure Communications, both Require secure channel (SSL) and the sub-checkbox Require 128-bit enryption are selected. However, in review, I note that the same is not true for the web site itself. Should that be selected? I don't think so, but am not expert in that. If the RPC server you specify in Outlook is not matching the certificate name you installed then it will not connect over RPC. IF you ping the external name of the cert does it resolve internally to your Exch server. If not fix that with DNS then try it. DNS is fine - it resolves both internally and externally, with split DNS. Are there any event logs in the DC or the Exchange server when you attempt to connect? Gad - that's something I'll have to check tomorrow. BY chance do you have Sharepoint Services or Server running on the Exchange server or the DC? If so have you excluded the rpc virtual directory path from SP. If not SP takes over and ruins your life.. A common issue with the error from RPCping, Client is not authorized to ping RPC proxy None of that in our environment. However, we do still have ADC running, for our old Exchange 5.5 servers. Kurt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Setting up RPC-HTTPS
Alas it is always something right in front of your face. I hated those where's waldo books! Glad to hear its up and working. -troy -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 4:42 PM To: MS-Exchange Admin Issues Subject: Re: Setting up RPC-HTTPS One of my favorite actors once had this line: Life is tough. Life is tougher if you're stupid. I actually had everything server-side working correctly. My client-side setup and testing was awry, because I was completely blind, and was using NTLM auth, instead of Basic. Once I spotted that, I was done. Immediate success. Halle-freaking-lujah! Kurt On Jan 25, 2008 4:02 AM, [EMAIL PROTECTED] wrote: Sorry Kurt, I was not suggesting that you were incapable of following, merely validating that they have worked for me just following those..with a slight hint of..check for fat fingering. Also did you add the blank line at the end of the registry file when you copied and pasted the reg keys? On all of mine I have the default website selected for require ssl, but I do know many situations where that is not the case. And they force a redirection to https://fqdn.com/exchange Let us know what the event logs turn up. Greg -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:35 AM To: MS-Exchange Admin Issues Subject: Re: Setting up RPC-HTTPS On 1/24/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Kurt, I have followed the amset dozens of times and petri at least that many. Works perfectly each time unless I fat finger something. That's something I'm perfectly capable of, and do many times a day. Heh. I assume on the DC you selected in the name you have the RPC Proxy installed. You have confirmed the perms on the IIS for it. Have you confirmed the ssl cert is enabled for the rpc in iis under the site you have the ssl cert installed on. No, the RPC Proxy is on the Exchange server. I've selected Properties for the RPC virtual directory, and under Directory Security/Secure Communications, both Require secure channel (SSL) and the sub-checkbox Require 128-bit enryption are selected. However, in review, I note that the same is not true for the web site itself. Should that be selected? I don't think so, but am not expert in that. If the RPC server you specify in Outlook is not matching the certificate name you installed then it will not connect over RPC. IF you ping the external name of the cert does it resolve internally to your Exch server. If not fix that with DNS then try it. DNS is fine - it resolves both internally and externally, with split DNS. Are there any event logs in the DC or the Exchange server when you attempt to connect? Gad - that's something I'll have to check tomorrow. BY chance do you have Sharepoint Services or Server running on the Exchange server or the DC? If so have you excluded the rpc virtual directory path from SP. If not SP takes over and ruins your life.. A common issue with the error from RPCping, Client is not authorized to ping RPC proxy None of that in our environment. However, we do still have ADC running, for our old Exchange 5.5 servers. Kurt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: NLB CAS SSL Certs
I followed this article originally when I tried a regular ssl cert first: http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobili ty-client-access/securing-exchange-2007-client-access-server-3rd-party-s an-certificate.html I believe I have already made all the necessary changes to make the proper cert work. I'm getting a SAN cert from Comodo today so I'm crossing my fingers that Outlook Anywhere will work this time (OWA works but not Outlook RPC/HTTPS). Thanks, Matt -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 6:24 AM To: MS-Exchange Admin Issues Subject: RE: NLB CAS SSL Certs Just make you set the avail and autodiscovery stuff (AutoDiscoverServiceInternalUri), etc.. via powershell to point to the FQDN of the NLB. -Original Message- From: Matt Bullock [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 3:44 PM To: MS-Exchange Admin Issues Subject: RE: NLB CAS SSL Certs So I can remove the .local names, and use - cas1.domain.com cas2.domain.com mail.domain.com (NLB address) autodiscover.domain.com (NLB address) Thanks Neil and Andy -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 4:21 AM To: MS-Exchange Admin Issues Subject: RE: NLB CAS SSL Certs If you point the clients to the NLB FQDN and set the autodiscovery stuff etc to the NLB address, then all you really need is that and the autodiscovery FQDN as well(dont forget autodiscovery!) No need to add the .local and actual host names of the servers unless you really want to. From: Matt Bullock [EMAIL PROTECTED] Sent: Thursday, January 24, 2008 12:24 AM To: MS-Exchange Admin Issues Subject: NLB CAS SSL Certs I am trying to figure out the proper SSL cert to purchase. I have two CAS/HUB servers using NLB for redundancy and load balancing, and I wanted to make sure a single SAN cert will do the trick. Would the following names be all I need to include in the cert? Cas1.domain.com Cas2.domain.com Cas1.domain.local Cas2.domain.local Mail.domain.com (NLB address) After installing on the first server, I'll export and install on the second. Thanks, Matt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Delivery reciepts in Chinese
I've had a similar issue when some users went to other countries and accessed outlook from those locales. When they came back OWA was still in that locale context. Im pretty sure it was the same steps in that article (that I previously got from PSS) that fixed it. On Jan 25, 2008 2:24 PM, Steve Hart [EMAIL PROTECTED] wrote: Thanks. I'm not sure if that's related to my problem, but I'm grasping at straws. I have discovered one more wrinkle. Internal delivery reciepts are fine. It's only those from outside the company that are displayed in Chinese. A new Outlook profile didn't help. Steve -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:11 AM To: MS-Exchange Admin Issues Subject: Re: Delivery reciepts in Chinese http://www.petri.co.il/reset_mailbox_language.htm On Jan 25, 2008 2:05 PM, Steve Hart [EMAIL PROTECTED] wrote: Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Delivery reciepts in Chinese
Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Gee, sounds like a reason to put ISA in the DMZ and not make it a domain member ;) -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:23 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Front end security is something that if someone decides to attack OWA they aren't able to attack my Exchange box directly, they will only be attacking the device that authenticates you then passes you off to the actually web server on the exchange box. -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:41 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options SSL Explorer is free and easy to use. But I'm not 100% sure what you mean by front-end security. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange OWA Front End Options
cue's the Imperial March theme http://en.wikipedia.org/wiki/The_Imperial_March On Jan 25, 2008 1:22 PM, Troy Meyer [EMAIL PROTECTED] wrote: Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange OWA Front End Options
ooo, 'dems fightin' werds! On Jan 25, 2008 1:16 PM, Andy Shook [EMAIL PROTECTED] wrote: Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
What would you recommend instead? -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Front end security is something that if someone decides to attack OWA they aren't able to attack my Exchange box directly, they will only be attacking the device that authenticates you then passes you off to the actually web server on the exchange box. -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:41 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options SSL Explorer is free and easy to use. But I'm not 100% sure what you mean by front-end security. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
SOLVED: Journaling a mail-enabled public folder
If anybody cares, I found an answer to the TNEF-encoded problem with messages created by the archive sink. The solution was here: http://www.exchangenewsgroups.net/group/microsoft.public.exchange.misc/topic 366.aspx Cliff note: Enable post-cat archiving. A pain though because turning post-cat on for the outbound mapi-gateway messages also causes inbound messages to be archived twice, even with pre-cat archiving turned off. Nothing a little scripting can't solve, though. Carl _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 10:06 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder OK, I'll bite, Where' the magic TNEF decoder that I can pass these .EML files through and come up with something searchable and readable? I mean, it seems silly to provide an archiving feature or program that produces a file that's not searchable. This problem must have been solved before. Carl _ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 7:09 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder That's typical. You need to be able to decode TNEF to understand most Exchange e-mail messages. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 6:35 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder No problem with message volume, but outbound archiving with this widget has problems. I'm seeing major amounts of binary garbage in body of the .eml files in the Mapi-Gateway Messages folder. The basic headers look fine, then just before the body there's a line or two, which contains some of the same info in the headers and recognizable as unicode text, as well as some binary stuff not recognizable at all. Then the body of the message in HTML. Then more binary stuff and unicode text at the end. By unicode text I mean my subject line appeared like this: T e s t i n g 1 2 3 (not prefixed by any Subject: word or anything so I think maybe this section is raw MAPI headers? And these EML files don't display correctly in something designed to open EML files, e.g. Outlook Express. Carl _ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 4:58 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder I apologize - yes, I thought it would lead you to the archive sink. That is what you are looking for, I believe. I don't always keep up with the changes in the various websites I recommend. My bad. Yes, synchronous sinks slow down flow. Not just delivery, but they effectively single-thread the categorizer. If you aren't a high-volume e-mail shop (I mean hundreds of e-mails per minute) then it likely isn't a problem. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 4:47 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder OK let's go with the concept of Event sinks are synchronous. Why should I care? Because they slow down mail delivery? On CDOLive, I'm seeing a whole bunch of references to Exchange 5.5. Most of the links that look interesting try to take me to a KB article that no longer exists. For example at http://www.cdolive.com/kb.htm there's a link http://support.microsoft.com/?kbid=254767 XGEN: How to Install and Use the Exchange Server Archive Sink which wants to go to KB article 254767 - no such article. But at least that got me a new keyword to google with - isn't this exactly what I'm looking for?: http://support.microsoft.com/kb/871110 How to install and use the Archive Sink utility in Exchange Server 2003 Carl _ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Journaling a mail-enabled public folder Look on CDOLive. They used to have lots of that kinda stuff. You are aware that those are synchronous, right? Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 3:57 PM To: MS-Exchange Admin Issues Subject: Journaling a mail-enabled public folder I need to capture all mail to and from a PF's SMTP address. Sending them to another mailbox, appending them to a file, either would work fine. It looks like a CDO.ISMTPOnArrival event sink is the ticket. Anyone have a VBscript example that does such a thing? thanks, Carl ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja
RE: Exchange OWA Front End Options
I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: NLB CAS SSL Certs
Just make you set the avail and autodiscovery stuff (AutoDiscoverServiceInternalUri), etc.. via powershell to point to the FQDN of the NLB. -Original Message- From: Matt Bullock [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 3:44 PM To: MS-Exchange Admin Issues Subject: RE: NLB CAS SSL Certs So I can remove the .local names, and use - cas1.domain.com cas2.domain.com mail.domain.com (NLB address) autodiscover.domain.com (NLB address) Thanks Neil and Andy -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 4:21 AM To: MS-Exchange Admin Issues Subject: RE: NLB CAS SSL Certs If you point the clients to the NLB FQDN and set the autodiscovery stuff etc to the NLB address, then all you really need is that and the autodiscovery FQDN as well(dont forget autodiscovery!) No need to add the .local and actual host names of the servers unless you really want to. From: Matt Bullock [EMAIL PROTECTED] Sent: Thursday, January 24, 2008 12:24 AM To: MS-Exchange Admin Issues Subject: NLB CAS SSL Certs I am trying to figure out the proper SSL cert to purchase. I have two CAS/HUB servers using NLB for redundancy and load balancing, and I wanted to make sure a single SAN cert will do the trick. Would the following names be all I need to include in the cert? Cas1.domain.com Cas2.domain.com Cas1.domain.local Cas2.domain.local Mail.domain.com (NLB address) After installing on the first server, I'll export and install on the second. Thanks, Matt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Delivery reciepts in Chinese
Is updating the clients to either outlook 2003 or Outlook 2007 feasible? -Original Message- From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:24 PM To: MS-Exchange Admin Issues Subject: RE: Delivery reciepts in Chinese Thanks. I'm not sure if that's related to my problem, but I'm grasping at straws. I have discovered one more wrinkle. Internal delivery reciepts are fine. It's only those from outside the company that are displayed in Chinese. A new Outlook profile didn't help. Steve -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:11 AM To: MS-Exchange Admin Issues Subject: Re: Delivery reciepts in Chinese http://www.petri.co.il/reset_mailbox_language.htm On Jan 25, 2008 2:05 PM, Steve Hart [EMAIL PROTECTED] wrote: Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Delivery reciepts in Chinese
http://www.petri.co.il/reset_mailbox_language.htm On Jan 25, 2008 2:05 PM, Steve Hart [EMAIL PROTECTED] wrote: Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Sorry, Troy. Have you heard of that new thing called 'sarcasm'? Andy -Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:22 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
master = master-bater -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:33 PM To: MS-Exchange Admin Issues Subject: Re: Exchange OWA Front End Options Andy is a master. Learn from him. (someone owes me a beer for this set up) On Jan 25, 2008 1:26 PM, Andy Shook [EMAIL PROTECTED] wrote: Sorry, Troy. Have you heard of that new thing called 'sarcasm'? Andy -Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:22 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange OWA Front End Options
Andy is a master. Learn from him. (someone owes me a beer for this set up) On Jan 25, 2008 1:26 PM, Andy Shook [EMAIL PROTECTED] wrote: Sorry, Troy. Have you heard of that new thing called 'sarcasm'? Andy -Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:22 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Much of the way a front-end works changes in Exch 2007. Regardless, I think your best option is some sort reverse proxy if you really do not want people accessing any of your Exch servers directly. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Front end security is something that if someone decides to attack OWA they aren't able to attack my Exchange box directly, they will only be attacking the device that authenticates you then passes you off to the actually web server on the exchange box. -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:41 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options SSL Explorer is free and easy to use. But I'm not 100% sure what you mean by front-end security. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Question about Exch2k03 and EV6/SP3
They might be considered to be shortcuts to EV, but they are just normal messages to Exchange. They should be deleted by the Mailbox Manager policy. The only way to access those messages after the shortcuts are deleted is through the Vault's search option. From: Matthew McComas [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 2:23 PM To: MS-Exchange Admin Issues Subject: Question about Exch2k03 and EV6/SP3 We run Enterprise Vault 6, SP3. We have a few mailboxes that have a policy set to archive all mail older than 6 months. The policy is working fine, as any message 6 months or older has been replaced with a stub or short-cut to the archived message. Question: If you set up a mailbox manager recipient policy to delete all mail 6 months or older for one of these 6 month or older archived mailboxes will the policy delete the Enterprise Vault short-cuts, or simply ignore them since technically they are not messages but rather short-cuts to the actual message which now resides in the EV database? Thanks, MM ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
SSL Explorer is free and easy to use. But I'm not 100% sure what you mean by front-end security. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Setting up RPC-HTTPS
On Jan 25, 2008 4:02 AM, [EMAIL PROTECTED] wrote: Sorry Kurt, I was not suggesting that you were incapable of following, merely validating that they have worked for me just following those..with a slight hint of..check for fat fingering. No slight was inferred - It's always helpful to go back and check things. Also did you add the blank line at the end of the registry file when you copied and pasted the reg keys? Oh, I'm a bad boy! I did for the Exchange reg entry, but not for the DC reg entry. I just fixed that, but it seems not to have made a difference. Same error. On all of mine I have the default website selected for require ssl, but I do know many situations where that is not the case. And they force a redirection to https://fqdn.com/exchange Let us know what the event logs turn up. Nothing that I can detect. Is there something I should be looking for? I syslog everything, and tailed my syslog file during the tests this morning, with no result, filtering either for my ID or my workstation name. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. -Original Message- From: N Parr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Exchange OWA Front End Options I need some recommendations for front end security to OWA. We had a Network Engines ISA appliance up till now but it is having problems and is way past end of life. I know there are a lot of options like a front end server in the DMZ, another ISA box, SSLVPN, etc. I kind of want a simple relatively cheap solution that is more or less plug and play if something like that exists. I can't support web based SSL VPN currently, I think that would be nice and easy for users but there would be a lot of time and cost up front that I don't have. Am I wanting the world and not wanting to pay for it here? Any ideas? Thanks Niles ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Delivery reciepts in Chinese
Thanks. I'm not sure if that's related to my problem, but I'm grasping at straws. I have discovered one more wrinkle. Internal delivery reciepts are fine. It's only those from outside the company that are displayed in Chinese. A new Outlook profile didn't help. Steve -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 11:11 AM To: MS-Exchange Admin Issues Subject: Re: Delivery reciepts in Chinese http://www.petri.co.il/reset_mailbox_language.htm On Jan 25, 2008 2:05 PM, Steve Hart [EMAIL PROTECTED] wrote: Sorry to repost, but I'm striking out searching on this one. It looks like all of my Outlook 2002 users are getting their delivery receipts in Chinese. They look fine in OWA and OK in different versions of Outlook. It started when I moved the mailboxes to E2007. It looks like somehow E2007 is formatting messages in some odd way that tells Outlook 2002 to present them in Chinese. I've found one online thread (on a dozen mirrors) that involved several companies with the same issue. Unfortunately, there weren't any solutions. Has anyone here ever heard of this one? Steve From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 5:02 PM To: MS-Exchange Admin Issues Subject: Delivery reciepts in Chinese I figure I'll hit every possible snag in an Exchange 2007 migration and then we'll have all of the answers in the archives. :-) With all the big fires out, I'm working on a few minor things. I have at least two users that are getting delivery reciepts presented in Chinese by Outlook. They're in English in OWA. I found one other case of this through Google and that person had the same software, Exchange 2007 and Outlook 2002. Ideas? Steve -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange OWA Front End Options
Your statement was ambiguous Andy. It was not clear whether his network or ISA was crap. I came. ISA. I conquered. Besides, I think ISA is more secure in its own DMZ. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:26 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Sorry, Troy. Have you heard of that new thing called 'sarcasm'? Andy -Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 1:22 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Oh geez not this crap again. Let the ISA [EMAIL PROTECTED] go full throttle. -Original Message- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 10:16 AM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Actually, don't put ISA on your network b\c its CRAP! Shook -Original Message- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of Exchange (Sunbelt) Sent: Friday, January 25, 2008 1:15 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options Don't put the ISA in a DMZ. More secure in the domain. S -Original Message- From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Exchange OWA Front End Options I think an ISA or ISA like server/appliance in the DMZ is still your easiest and best solution to your immediate issue. VPN or SSL VPN is good but I would look at that as an addition to rather than a replacement for a simple ISA published OWA. A simple web address for a quick check of email while at a hotel can't be beat for user friendly. And certainly not an OWA server in the DMZ. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~