Category: Exchange Server 2007

I am designing a simple HTML site for my intranet. this site will host our policies and procedures, which have been split up into roughly 600 PDF files. The pages are written in HTML with CSS 2 completely from scratch. I use NTFS permissions and URLAuthorization to control who can visit the Windows Authentication website.

The site consists of five static pages, a little CSS trickery, and now, a bit of PHP. I decided that due to the sheer volume of the PDF file’s (which are linked from within the pages, and each file name is a slew of very specific policy numbers) that it would be difficult to pin point a broken link myself.

So I came up with the idea of a broken link (or feedback) page. A very simple page, with two input fields and a textarea field (Name, Email, Comment, respectively). A submit button finishes it off.

The problem with this is that when you hit submit and the mailto: runs, it opens up your default email program and populates a new message. this is ok, but what about people without an email client, or without one configured by default?

So I decide to use a bit of PHP to get my IIS to send my mail for me, in the background.

Here it goes.

First, my setup. I have a SBS 2008 running IIS 7.0, Exchange 2007, Sharepoint, pretty much everything. I then have a very low resourced Windows Server 2008 R2 member. This server does very little, but it does have IIS 7.5 installed, in order to run Lync Server 2010.

First thing we will do is install SMTP for IIS. Open up Server Manager, expand Features.

Click Add Features on the right, then select SMTP Server. Click Install.

Install SMTP

Install SMTP


Once that completes, you will have a new tool under Administrative Tools: Internet Information Services 6.0 Manager. Make sure it is 6.0, the other IIS Manager will not let you do this.

IIS 6.0 Manager

IIS 6.0 Manager

You might get a popup about 32 or 64-bit, choose 64 and click ok.

Choose 32 or 64 Bit

Choose 32 or 64 Bit

You will see Internet Information Services in the left window, with a sub-tree of your server name. Expand that node, and you will see VirtualSMTP. Right click that and select rename, and give it a good name- in this case I named mine MemberSMTP (It’s on my domain MEMBER).

Rename SMTP Virtual Server

Rename SMTP Virtual Server

Now right-click the renamed server, and select properties.

Click the Access Tab, then select Connections.

You want to enable the server that is hosting your website (the one that needs to sendmail) to use that server. I used the radio button Only The List Below (less access is good access).

Click Add, and add the loopback or localhost IP address of the server hosting the IIS if it is local. For good measure, I also added the true IP address of the server.



Click OK, and select the button Relay…

Set this up exactly as the other list.

Click Ok, Apply, and Ok.

Right click on the VirtualServer and select Start. If it is already started, click Stop, then Start again.

Thats it for the IIS part (roughly), now on to the PHP and the form itself.

Well, before we get into it, we need to have three web pages in our site. the form itself, named feedback.htm. We need a thank you page, named thanks.htm, and an error page, named error.htm. Put these in the root of your website. Here is the HTML from one of my pages.

Note that it will not work for you perfectly lacking my CSS.

<!--pan class="hiddenSpellError" pre=-->DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "<a href=""></a>">
<html xmlns="<a href=""></a>">
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<meta name="Robots" content="NOINDEX" />
<meta http-equiv="PRAGMA" content="NO-CACHE" />
href="PolicyStyleSheet.css" />

    <style type="text/css">
            color: #FFFFFF;


    <!--[if IE 6]>
<style type="text/css">
/* some css fixes for IE browsers */
html {overflow-y:hidden;}
body {overflow-y:auto;}
#bg {position:absolute; z-index:-1;}
#content {position:static;}
        color: #FF0000;
        color: #999999;
<!--span class="hiddenSpellError" pre=-->endif]-->

<div id="bg"><img src="images/gradient.png" width="100%" height="100%" alt=""></div>
<div id="content">
<!-- Header -->
<div id="#hdr">
<table>80px; width: 80%;">
<td> </td>
<img src="images/small logo no background.jpg"
        style="height: 75px; margin-left: 10px;"  />
        <td align="center"><h1><a name="top">Report a Problem<br />
        or Broken Link</a></h1>

        <a href="feedback.htm" title="Feedback">Feedback</a>
    <table border="0" cellpadding="0" cellspacing="0"
        style="height: 55px; width: 48%; margin-left: 50px;">


<div id="lh-col1">

<div id="rh-col"><br />


 You pretty much just need three basic pages, with names you can remember, that have a head and body. you will customize them more later, or take the time to do so now. the error page should say something like “Sorry, you did not fill out the form correctly. Click here to return.” The thanks.htm should say something like “Hey thanks for taking the time! Go back to the site.”

Anyhow, the HTML/CSS lessons will have to come from someone else another time, if you can’t program HTML at this point, stop reading this post.

Now let’s install PHP. All of the romantics and programmers will tell you to manually install it. I don’t have time for all that, so I download the Windows binary here- VC9 x86 Non Thread Safe (2011-Jan-05 21:37:35). Once it downloads, double-click the msi file to start the install.

I selected to install all of the options. you can customize this the way you wish. Make sure to select IIS FastCGI when you get to that point.



Once that completes, we need to make a file in the root of our website. Open up Notapad and save the file as feedback.php. How you get it into your website is up to you. I actually use MS Visual Web Developer 2010, and just copied it into the file directory.

Now we need to make our script, and add some code to feedback.htm and feedback.php. there is a website that will generate it for you- go HERE. Thanks SiteWizard for such a great tool!

Scroll down and select Create a PHP feedback form, and select go to step 2.

PHP Feedback Form

PHP Feedback Form

Fill in your email address, or whoever you want to form results to be mailed to. Enter in the web address of your feedback page, thank you page, and error page. these were the feedback.htm, thanks.htm, and error.htm pages we already created. To get the correct address click on View in Browser from whatever program you are using to author your site, then copy the address for each page.

Page URL's

Page URL's

Skip over all of the optional selections. You can change these if you wish, but you don’t have to. Select to agree to the conditions, and click Generate Script.

The screen has two text areas. the top one is your feedback.PHP contents. Select all of the text, copy it, and paste it into your feedback.php file, using Notepad or your site editor.

Feedback.PHP content

Feedback.PHP content


Select the text from the second box and insert this into your feedback.htm page. It should go in the body of the page, in between <div></div> tags.

Feedback.HTM content

Feedback.HTM content


Now browse to your feedback.htm. Enter some information, and hit send. The email should arrive quickly.

If you have any problems with the HTML, post a comment and I will help out. If you have problems with IIS 7.5, ask away. If you have problems setting up PHP, view their documentation. If you need to change your PHP.ini settings, I can point you at an entry, but that’s it:

[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25

; For Win32 only.
;sendmail_from =

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
;sendmail_path =

And of course thanks again to TheSiteWizard.

Exchange comes with some default limits on attachment size and file types. this is for security as well as stability- without limits a user could send a 1 Gb movie to a distribution list, which would seriously hamper your server. I am typically good with defaults, but I am having an issue with Sharepoint. I can not seem to upload a 500Mb PowerPoint presentation. I tried upload from the site, I tried file copy in windows explorer. I then broke the file in half, and still can’t get it over. So I thought I would email it to my list- I do have several libraries mail enabled.

Exceed File Size

Exceed File Size

The file is 117 Mb. That is not too big for Outlook or Exchange, though it is for my Sharepoint. And yes, I changed the connection timeout and the file size limit in CentralAdmin- still got nothing.

To change the max attachment size in Exchange 2007, open up Exchange Management console. Expand Organization configuration and click on Hub Transport. Click on the Global Settings tab, and double-click Transport Settings. Change the first two values to what fits your needs. I changed mine to 1 Gb each- I will be changing them back after I send this file.

Transport Settings

Transport Settings

this can also be done in the Active directory.

Click Start>Run and type mmc.exe

Click file, add or remove snap-in.

Click ADSI Edit, and Add. Click Ok.

In the console that opens, right-click ADSI Edit, and click Connect to.

Select the radial button that says A Well Known Naming Context, and select Configuration.

Connect Configuration

Connect Configuration

Click Ok.

Expand Configuration>CN…>Services>Microsoft Exchange>first Organization>Global Settings>

Right click Message Delivery and select properties.

Change these attributes to manipulate the size values:

delivContLength – incoming message size limit (default is 10240)

submissionContLength – receiving message limit (default is 10240)

Message Delivery Properties

Message Delivery Properties

Close out everything you did, and go back to Outlook… Oh no! You STILL cant attach the file. Well if Exchange is not stopping you anymore, what is? Outlook itself?

Outlook 2010 restricts message size to 20 Mb. Lets change this as well.


Type regedit and click open.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences

Right click the folder and select new DWord Value. Name the new key MaximumAttachmentSize.

Right click the new key, select decimal, and enter the size you want to increase it to. I used the same value I used in Exchange 2007, or 1024000.

Restart Outlook, attach away.

Remember, messing with the registry can brick your system. Backup first, and write down what you did so that if errors occur, you can reverse them easily.

There is one more setting that supposedly changes the way your site handles attachment size, which is done wy adding some code to the web.config file for one of your site’s pages. I will not get into it, as I did not do it. Google search for it and you will come up with a few sites.

The company I work for has several “program” divisions under the main company. Each of these programs has a slew of employees, some more than others. Inside each of these programs are also further divisions by team name. Now keeping track of a manually created distribution group can become a nightmare when employees change programs and teams often. I have been keeping up with this manually in the past for several reasons:

  • Manual groups are easy to work with using the SBS Console
  • They are easy to see and well-defined under Groups
  • They are easy to add extra people to (All of program A in this group plus 2 people in program B)

I finally decided to take the plunge and do this dynamically; in other words Exchange will actually populate the recipients at the time of sending and email to that group. There are a few drawbacks to this method:

  • You can’t easily view the recipients of the group
  • You can’t easily test if the group is working
  • You need to be very organized when it comes to the AD
  • Forgetting to correct an AD attribute means the user wont get group mail

To start this process off, I created a list of all programs, employees, and which groups they belonged too. I also used this time to correctly configure AD Properties, Managers and Direct Reports- you can do this or not as you see fit.

I went to Active Directory Users and Computers Console, and opened up MyBusiness/Users/SBSUsers.

Active Directory Users and Computers

Active Directory Users and Computers

I then double clicked each employee and changed several features about their properties. I clicked the Organization tab and specified the properties for each user. Job title is the employee’s job title. the company are all the same.

NOTE: To change the same property value for multiple users, hold ctrl and click each user’s name in ADUC. Once you have them selected, right-click and say properties. Enable the field you are editing, and change the value. This is a quick way to say apply the company name to all users.

User Account

User Account

I then changed the manager for each employee, etc. Now the department is the field that I used for my distinction, and it is also the attribute I will use to create my dynamic lists. I start off labelling every user by department on the program level. Let’s say my programs are named Sales, and Administration. I add either program to each users properties. Then the Sales program is further broken down into groups, we will call them A, B, and C. User1 might be Administration, User2 might be Sales – A, while User3 is Sales – C.

Notice how I formatted the groups: space then dash then space then group. You do not have to do it like this- but whatever you do it must be consistent across the board.

Now we will go ahead and create the Dynamic Distribution Group. Open up Exchange Management Console from Start>Microsoft Exchange Server. Right-click on Recipient configuration, and select New Dynamic Distribution Group.

New Dynamic Distribution Group

New Dynamic Distribution Group

A wizard appears. For Organization Unit, this is where the distribution group is created. You might want to browse and create these groups under the Distribution Groups object in MyBusiness. I left mine to be created in SBSUsers. You need to assign a name for the group. this will be used to identify the group in AD. The alias will be what users send mail to. For this demonstration I will use a group name of Sales Group A, with an alias of SalesA.

New Group

New Group

This means for users to send email to this group they will compose a mail to

Click Next.

Now select the container where you will apply the filter. This is the container that contains the items to which you will pull addresses from. In this case, it is our Users folder in MyBusiness/Users/SBSUsers. You can further customize the filter by using the provided check boxes. For this example, we will leave All Recipient Types selected. Click Next.

Now we select which item defines which addresses will be included in the group. Select Department (if you remember, this is the defining attribute we used to split our company up into programs and subgroups).

Select Department

Select Department

Now in the bottom window, click on specified. Now in the text box enter the EXACT matching text from the department of the users AD properties that you wish to capture. In this instance, we wish to put everyone in Sales Group A into this distribution list, so we enter:

Sales – A

And click Add, then Ok.

Specify Department

Specify Department

At the bottom of the window is a Preview button. Click this and the members that match the filter will display. Make sure you typed everything correctly and you should be seeing all members of Sales Group A. this is the only way to easily check the group membership, so make sure it is right.

Click Next, Click New.

The Wizard should complete with a Green Checkmark, and you can finish it out.

You can test the group by sending out an email to that group with return receipts on it. You can also change your own AD Properties to match the filter, so that you receive an email when you mail that group. There is one more way to check membership, which is documented here. Make sure to read the comments.

You run the Exchange 2007 BPA, and get a non-default setting like this one:

BPA Alert

BPA Alert

First, I will explain what caused this. You wanted to disable some settings using netsh, namely autotuning level and rss, by entering these commands at the prompt:

netsh in tcp set global autotuninglevel=disabled

This is done fro two reasons. One, it speeds up remote desktop connections, which can be really slow. Second, it comes up in the SBS 2008 BPA as a warning and invites you to run up to 4 netsh commands to change the TCP values. Don’t you love how Microsoft tells us to fix one thing while the fix causes another problem? Hum.

Go to this key, and look at the values. They are probably messed up like mine, though some of them can be messed up and not others. Your keepalivetime key might be some high number like the rest, mine is sixty.




So now, let’s reverse these settings. These settings are important- you can’t just go into the registry and delete or change the values. Microsoft provides a hotfix that will stop these netsh commands from changing the values- I won’t be running them again, I do not need the hotfix. Hotfix’s and my production server don’t mix well. He hotfix is here.

First, we should restore a backup prior to the change if we have one. I do not, so meh. But I will take this opportunity to MAKE a backup, in case I botch something here. Right click the Parameters folder, and click export. Give it a nice name, like tcpip-param.reg and save it someplace safe. If all else fails we can restore this later.

Microsoft provides a PowerShell script to fix these entries. Let’s see if we can get that to work. Download the script from here. You will have to log in. Ill download it and host it on WordPress. I assure you this file is safe, but if you are unsure get the one from MS. Here is the ps1 file. I renamed it to a .doc. To change it back download it and rename it to netshregfix.ps1. Here is the code it contains. you could also make a new text document, paste in the code, and save it as .ps1


MD $env:UserProfile\Desktop\TcpIpParametersBackup
REG Export HKLM\System\CurrentControlSet\Services\TcpIp\Parameters $env:UserProfile\Desktop\TcpIpParametersBackup\Backup.Reg

Get-Item "HKLM:\System\CurrentControlSet\Services\TcpIp\Parameters" | ForEach-Object {
Set-ItemProperty -Path $_.pspath -Name "TcpTimedWaitDelay" -value 60 -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "DisableTaskOffload" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "EnablePMTUBHDetect" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "EnablePMTUDiscovery" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "KeepAliveInterval" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "KeepAliveTime" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "Tcp1323Opts" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "TcpFinWait2Delay" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "TcpMaxDataRetransmissions" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $_.pspath -Name "TcpUseRFC1122UrgentPointer" -ErrorAction SilentlyContinue

Write-Output "You must reboot your server for the changes to take effect"

Save the file to someplace easy to navigate to, I chose C:\. Now open Windows PowerShell. Start>Run> PowerShell.

Type in cd C:\ to navigate to where the file is. If you placed it in another location, go there.

Now type NetshRegFix.ps1

PowerShell Error

PowerShell Error

*** Before you do this step, scroll down to the next bold, asterisk’d item. You do not need to install this update- though you can if you do not have the PowerShell 2.0 yet. ***

You get an error, as if PowerShell does not even recognize that this is a script. Well, let’s update PowerShell. Go to and select your OS. Download the MSU and install it.

It will install a “hotfix”.

Windows Update

Windows Update

Ah crap. Need to restart. So much for doing this during lunch. Ill do it at 5:30 when everyone is gone.



*** Continue from here, to complete running the script in PowerShell v1.0. ***

Wait wait. What about just running the script? Go to C:\ and double-click NetshRegFix.ps1. It opens up in Notepad. Let’s open it up in PowerShell.

Click open with, browse for program. Navigate to c:\Windows\system32\windowspowershell\v1.0\ and select powershell.exe.

Now go back to the file and double-click it. A screen flashes- did it complete? To check, go to the registry setting tcp/ip>Parameters. It should look like this:

End Result, Regedit

End Result, Regedit

You get a non-default setting when you run the Exchange 2007 BPA. It says:Disk timeout on server SOLACESERVER.solace.local is not set at the default of 10 seconds. This is normal if third-party storage software is installed. Current timeout value is 30 seconds.

As the message says, if you use some type of storage software, leave this be. I do not use any of this software, so I want to change it back to default. not that it might cause damage, but if it shows up here then it is a possability. As always make sure you backup and do this on a test server or in mock. I have no test server and I am daring, so I am going to do it during lunch on a Wednesday.

The setting is documented here.

Microsoft tells us to:

To revert to the default configuration
1.Open a registry editor, such as Regedit.exe or Regedt32.exe.

2.Navigate to:


3.In the right pane, delete the TimeOutValue entry. Alternatively, double-click the TimeOutValue entry and set it to one of the following values:

On a non-clustered server, set the value to 10.

On a clustered server, set the value to 20.

If your hardware manufacturer recommends a different value for either a clustered or non-clustered system, use the value from your hardware manufacturer instead.

4.Close the registry editor, and then restart the computer for the change to take effect.

So let’s do what they tell us. Ill add some screen shots.

This is what the current registry entry looks like.

Before Change

Before Change

Double click it. Change to 10. It should look like this now:

After Change

After Change

I would like to point out this warning:

Installing host bus adapters (HBA) or other storage controllers can cause this key to be created and configured. When you install or reinstall these drivers, the TimeOutValue registry value is overwritten with the value that is required by those drivers. You may have to contact the hardware vendor to determine the correct TimeOutValue registry value for your configuration.

Read it carefully. I HAVE installed a HBA as well as a storage controller. I looked up the values for my HP Proliant, and they should be at thirty. I will leave this entry alone and safely ignore it from within the BPA.

%d bloggers like this: