In the microsoft SBS 2011 you can login to your server/network via a simple webbrowser.
For this the setup asks you the external dns name of your server and then magically configures everything.
So when you for example use: myserver.mycompany.com as server name, then you can access to the RWA (Remote Web Access) part with the url https://myserver.mycompany.com/Remote
The Outlook Web Access is found on https://myserver.mycompany.com/owa
So far everything is fine.
But when you now wish to have the users directly redirected to the webinterface of OWA when they enter the server url, then you have a problem.
http://myserver.mycompany.com is always redirected to https://myserver.mycompany.com/Remote
According to MS this is "By design" and can not be changed/modified.
Normal people would configure such a redirect in the IIS Manager and define the target url there. Apparently MS SBS developers are not part of the "normal people" group, they have probably hard coded this redirection in some dll, .net stuff or who ever....
In SBS 2008 server the same was also true, but you could at least hack it to make the redirect as you wished.
The recommendation for SBS 2011 is to setup a external website with some kind of webmail.mycompany.com URL and then make there a redirect to https://myserver.mycompany.com/owa
Very cool feature, the all-in-one solution of MS does require additional web servers to configure your server as you wish it.
The other readical solution to this problem is to completly remove the /Remote virtual stuff from your IIS (And loosing the corresponding functionality) and then just put a redirect at that level on the server....
Monday, June 6, 2011
SMTP SSL in Exchange 2007/2010
In exchange 2007 and higher, the default connector are configured to accept passwords only when using a secured connection (Like SSL or TLS).
A good idea
, but...
The SSL option is only available for POP and IMAP, on SMTP you miss this option, here you can only configure a TLS secured connection.
Not a problem.... do you think?
When you still have users accessing your mail server via POP3/SMTP with MS Outlook 2003 (Not uncommon these days) then they don't have the option to use SMTP with TLS, only SMTP with SSL is available...
Other products from the same company not offering SMTP with TLS are: Outlook Express, Windows Mail....
So you will either have to upgrade all clients to a new MS Office version, or downgrade security on your exchange server and allow the SMTP connector to also accept password over unsafe connections.
Or, probably the best thing to do: Just switch to a real mail user agent like thunderbird.....
A good idea
, but...
The SSL option is only available for POP and IMAP, on SMTP you miss this option, here you can only configure a TLS secured connection.
Not a problem.... do you think?
When you still have users accessing your mail server via POP3/SMTP with MS Outlook 2003 (Not uncommon these days) then they don't have the option to use SMTP with TLS, only SMTP with SSL is available...
Other products from the same company not offering SMTP with TLS are: Outlook Express, Windows Mail....
So you will either have to upgrade all clients to a new MS Office version, or downgrade security on your exchange server and allow the SMTP connector to also accept password over unsafe connections.
Or, probably the best thing to do: Just switch to a real mail user agent like thunderbird.....
Wednesday, June 1, 2011
Migration of MS SBS 2003 to MS SBS 2011
Microsoft has a good document about the steps to migrate a SBS 2003 server to SBS 2011.
It is normally easy and well documented. But as always, there are things not working es expected or documented.
Here a few things:
Migration fails when joining the domain (dcpromo)
DHCP reservations are not migrated
After mailbox migration to the new server, the mailboxes are not available and/or the owa shows just a empty screen after login
Fax migration
It is normally easy and well documented. But as always, there are things not working es expected or documented.
Here a few things:
Migration fails when joining the domain (dcpromo)
- When installing the new server it should automatically join the old domain
- If that join fails, then the migration wizard shows a fatal error and tells you to restart with the whole installtion. (Of course at this point you already had waited about 1-2 hours)
- When you google (or bing) arround, you will see that a "recovery" of the setup process is still possible. Look here for more details.
- One problem might be, that your migration account (usually the Administrator) is using a weak password, one not meeting 2008R2 complex password rules
- Another might be, that your migration user is not member of all required groups
DHCP reservations are not migrated
- Yep, can occure, sometimes it works, sometimes not
- In that case export the leases from the old server and then either add them manually on the new server. See here how to do it almost automatically
After mailbox migration to the new server, the mailboxes are not available and/or the owa shows just a empty screen after login
- Make sure the all required exchange services are running (For example the "MS Exchange RPC Client" is one to not correctly autostart after a server reboot
- Access to smtp, pop and imap is no longer allowed with plain text passwords. So you should confiure your clients to use either POP/IMAP with (start)tls or/and with SSL
- IMAP and POP3 connectors are not started by default, you have to enable these services in the service manager
- For external SMTP access to your server (for non-outlook users) it is best to create a SMTP connector on Port 587 (Submission port), that way you can prevent problems when your ISP blocks connections to the standard smtp port
Fax migration
- You still have to configure the fax service on the new server before doing the fax migration
Tuesday, May 3, 2011
Allow SMTP users to send emails in Exchange 2010
When you need to integrate normal email clients in a exchange 2010 environment, you probably get problems with sending mails to the outside world.
To solve this you normaly do the following:
But unfortunally Exchange does still return a error message like:
"550 5.7.1 Client does not have permission to send as this sender"
To solve this, you have to allow all authenticated users to send mails via this connector.
This can be done via the Exchange shell with this command:
Unfortunally non-english servers just won't find the corresponding group, since it is named differently (Read localized)
To find out the correct group name you can use this command:
For a german installation the corresponding group is "NT-AUTORITÄT\Authentifizierte Benutzer"
So the final command for the german exchange server is:
To solve this you normaly do the following:
- Create SMTP connector your users will use for sending mails
- This connector must require user authentication
But unfortunally Exchange does still return a error message like:
"550 5.7.1 Client does not have permission to send as this sender"
To solve this, you have to allow all authenticated users to send mails via this connector.
This can be done via the Exchange shell with this command:
Add-AdPermission -Identity "MySMTPConnector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
Unfortunally non-english servers just won't find the corresponding group, since it is named differently (Read localized)
To find out the correct group name you can use this command:
Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity
For a german installation the corresponding group is "NT-AUTORITÄT\Authentifizierte Benutzer"
So the final command for the german exchange server is:
Add-AdPermission -Identity "MySMTPConnector" -User "NT-AUTORITÄT\Authentifizierte Benutzer" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
Wednesday, April 27, 2011
Java server side connector for CKEditor
We just published our first version of a java connector for CKEditor V3.x
You can find it here: http://sourceforge.net/projects/jckconnector/
It allows you to integrate file browsing/linking in your java server application.
Technically it uses vaadin the webinterface to the user.
You can provide your own version of the file store and link store.
It's the alpha release with probably some security holes "included"
You can find it here: http://sourceforge.net/projects/jckconnector/
It allows you to integrate file browsing/linking in your java server application.
Technically it uses vaadin the webinterface to the user.
You can provide your own version of the file store and link store.
It's the alpha release with probably some security holes "included"
Wuala now also available for Android
The secure online storage system Wuala (by Lacie) has just released the Android version of the client software.
Now you can access your files from Windows, OS-X, Linux, iOS and Android (And public files via Webinterface)
Now you can access your files from Windows, OS-X, Linux, iOS and Android (And public files via Webinterface)
Wednesday, April 13, 2011
Disk partition alignment in windows
When creating partitions under windows, you should take care to get the correct alignment.
With the correct alignment you can gain/loose between 10-40% of performance.
The technical details can be found here:
http://msdn.microsoft.com/en-us/library/dd758814%28v=sql.100%29.aspx
It's a document about SQL 2008 server, but the same applies for "normal" applications too.
With the correct alignment you can gain/loose between 10-40% of performance.
The technical details can be found here:
http://msdn.microsoft.com/en-us/library/dd758814%28v=sql.100%29.aspx
It's a document about SQL 2008 server, but the same applies for "normal" applications too.
Subscribe to:
Posts (Atom)