Tag Archive: Exchange Server 2007


Exchange comes with some default limits on attachment size and file types. This is for security as well as stability: without limits a user could send a 1 Gb movie to a distribution list, which would seriously hamper your server. I am typically good with defaults, but I am having an issue with SharePoint. I cannot seem to upload a 500Mb PowerPoint presentation. I tried uploading from the site, and I tried a file copy in Windows Explorer. I then broke the file in half, and still can’t get it over. So I thought I would email it to my list; I do have several mail-enabled libraries.

Exceed File Size


The file is 117 Mb. That is not too big for Outlook or Exchange, though it is for my SharePoint. And yes, I changed the connection timeout and the file size limit in Central Administration; I still got nothing.

To change the maximum attachment size in Exchange 2007, open the Exchange Management Console. Expand Organization Configuration and click Hub Transport. Click the Global Settings tab, and double-click Transport Settings. Change the first two values to what fits your needs. I changed mine to 1 Gb each; I will be changing them back after I send this file.

Transport Settings
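The same organization-wide limits can be read and changed from the Exchange Management Shell. The following is an added example, not part of the original post: it records the current values, applies the temporary limit used here, and restores the recorded values afterwards, so the raised limit does not stay in place by accident. It also lists the per-connector limits, which apply independently of the organization setting.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2007 server.
# $tempLimit mirrors the 1024000 (KB) value used in this post; adjust as needed.
$tempLimit = "1024000KB"

# 1. Record the current organization-wide limits so they can be restored exactly.
$before = Get-TransportConfig
Write-Host "Current limits: send=$($before.MaxSendSize) receive=$($before.MaxReceiveSize)"

# 2. Connectors carry their own MaxMessageSize. A message has to pass every
#    limit on its path, so list them before assuming the organization
#    setting is the one that blocks the message.
Get-ReceiveConnector | Format-Table Identity, MaxMessageSize -AutoSize | Out-Host
Get-SendConnector    | Format-Table Identity, MaxMessageSize -AutoSize | Out-Host

# 3. Raise the organization-wide limits temporarily.
Set-TransportConfig -MaxSendSize $tempLimit -MaxReceiveSize $tempLimit

# 4. Keep the session open until the large message has gone out.
Read-Host "Limits raised. Send the message, then press Enter to restore" | Out-Null

# 5. Put the recorded values back and confirm the result.
Set-TransportConfig -MaxSendSize $before.MaxSendSize -MaxReceiveSize $before.MaxReceiveSize
Get-TransportConfig | Format-List MaxSendSize, MaxReceiveSize | Out-Host
```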


This can also be done in Active Directory.

Click Start>Run and type mmc.exe

Click File, then Add or Remove Snap-in.

Click ADSI Edit, and Add. Click Ok.

In the console that opens, right-click ADSI Edit, and click Connect to.

Select the radio button that says A Well Known Naming Context, and select Configuration.

Connect Configuration


Click Ok.

Expand Configuration>CN…>Services>Microsoft Exchange>first Organization>Global Settings>

Right click Message Delivery and select properties.

Change these attributes to manipulate the size values:

delivContLength – incoming message size limit (default is 10240)

submissionContLength – receiving message limit (default is 10240)

Message Delivery Properties


Close out everything you did, and go back to Outlook… Oh no! You STILL can’t attach the file. Well, if Exchange is not stopping you anymore, what is? Outlook itself?

Outlook 2010 restricts message size to 20 Mb. Let’s change this as well.

Start>Run.

Type regedit and click open.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences

Right click the folder and select new DWord Value. Name the new key MaximumAttachmentSize.

Right click the new key, select decimal, and enter the size you want to increase it to. I used the same value I used in Exchange 2007, or 1024000.

Restart Outlook, attach away.

Remember, messing with the registry can brick your system. Backup first, and write down what you did so that if errors occur, you can reverse them easily.

There is one more setting that supposedly changes the way your site handles attachment size, which is done by adding some code to the web.config file for one of your site’s pages. I will not get into it, as I did not do it. Google search for it and you will come up with a few sites.

The company I work for has several “program” divisions under the main company. Each of these programs has a slew of employees, some more than others. Inside each of these programs are also further divisions by team name. Now keeping track of a manually created distribution group can become a nightmare when employees change programs and teams often. I have been keeping up with this manually in the past for several reasons:

  • Manual groups are easy to work with using the SBS Console
  • They are easy to see and well-defined under Groups
  • They are easy to add extra people to (All of program A in this group plus 2 people in program B)

I finally decided to take the plunge and do this dynamically; in other words, Exchange will actually populate the recipients at the time of sending an email to that group. There are a few drawbacks to this method:

  • You can’t easily view the recipients of the group
  • You can’t easily test if the group is working
  • You need to be very organized when it comes to the AD
  • Forgetting to correct an AD attribute means the user won’t get group mail

To start this process off, I created a list of all programs, employees, and which groups they belonged to. I also used this time to correctly configure AD Properties, Managers and Direct Reports; you can do this or not as you see fit.

I went to Active Directory Users and Computers Console, and opened up MyBusiness/Users/SBSUsers.

Active Directory Users and Computers


I then double-clicked each employee and changed several of their properties. I clicked the Organization tab and specified the properties for each user. Job title is the employee’s job title. The company is the same for all of them.

NOTE: To change the same property value for multiple users, hold Ctrl and click each user’s name in ADUC. Once you have them selected, right-click and select Properties. Enable the field you are editing, and change the value. This is a quick way to, say, apply the company name to all users.

User Account


I then changed the manager for each employee, etc. Now the department is the field that I used for my distinction, and it is also the attribute I will use to create my dynamic lists. I start off labelling every user by department on the program level. Let’s say my programs are named Sales and Administration. I add either program to each user’s properties. Then the Sales program is further broken down into groups; we will call them A, B, and C. User1 might be Administration, User2 might be Sales – A, while User3 is Sales – C.

Notice how I formatted the groups: space then dash then space then group. You do not have to do it like this- but whatever you do it must be consistent across the board.

Now we will go ahead and create the Dynamic Distribution Group. Open up Exchange Management Console from Start>Microsoft Exchange Server. Right-click on Recipient configuration, and select New Dynamic Distribution Group.

New Dynamic Distribution Group


A wizard appears. The Organizational Unit is where the distribution group is created. You might want to browse and create these groups under the Distribution Groups object in MyBusiness. I left mine to be created in SBSUsers. You need to assign a name for the group. This will be used to identify the group in AD. The alias will be what users send mail to. For this demonstration I will use a group name of Sales Group A, with an alias of SalesA.

New Group


This means for users to send email to this group they will compose a mail to SalesA@company.com.

Click Next.

Now select the container where you will apply the filter. This is the container that holds the items from which you will pull addresses. In this case, it is our Users folder in MyBusiness/Users/SBSUsers. You can further customize the filter by using the provided check boxes. For this example, we will leave All Recipient Types selected. Click Next.

Now we select which item defines which addresses will be included in the group. Select Department (if you remember, this is the defining attribute we used to split our company up into programs and subgroups).

Select Department


Now in the bottom window, click on specified. In the text box, enter the EXACT matching text from the department field of the AD properties of the users that you wish to capture. In this instance, we wish to put everyone in Sales Group A into this distribution list, so we enter:

Sales – A

And click Add, then Ok.

Specify Department


At the bottom of the window is a Preview button. Click this and the members that match the filter will display. Make sure you typed everything correctly and you should be seeing all members of Sales Group A. This is the only way to easily check the group membership, so make sure it is right.

Click Next, Click New.

The Wizard should complete with a Green Checkmark, and you can finish it out.

You can test the group by sending out an email to that group with return receipts on it. You can also change your own AD Properties to match the filter, so that you receive an email when you mail that group. There is one more way to check membership, which is documented here. Make sure to read the comments.
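The wizard steps above have a shell equivalent, and the shell also addresses the drawbacks listed earlier: it can list the current members at any time and find users whose Department value will not match any filter. This is an added example, not part of the original post; the domain in `$ou` is a placeholder and the helper `Get-DepartmentKey` is a hypothetical name introduced here.

```powershell
# Added example; run in the Exchange Management Shell.
# $ou is a placeholder for the container used in this post; substitute your domain.
$ou   = "example.local/MyBusiness/Users/SBSUsers"
$dept = "Sales - A"   # assumed spelling; must equal the Department stored in AD exactly

# Shell equivalent of the wizard: filter on Department within the container.
New-DynamicDistributionGroup -Name "Sales Group A" -Alias "SalesA" `
    -OrganizationalUnit $ou -RecipientContainer $ou `
    -IncludedRecipients AllRecipients -ConditionalDepartment $dept

# Resolve the group's stored filter to the recipients it selects right now
# (the shell counterpart of the wizard's Preview button).
$group = Get-DynamicDistributionGroup -Identity "Sales Group A"
Get-Recipient -RecipientPreviewFilter $group.RecipientFilter `
    -OrganizationalUnit $group.RecipientContainer |
    Sort-Object Name | Format-Table Name, PrimarySmtpAddress -AutoSize | Out-Host

# Normalise a department string: dash variants become "-", whitespace runs
# collapse to one space, leading and trailing space is dropped.
function Get-DepartmentKey([string]$Department) {
    (($Department -replace "[\u2012-\u2015]", "-") -replace "\s+", " ").Trim()
}

$users = Get-User -OrganizationalUnit $ou -ResultSize Unlimited

# Users with no Department are matched by no department-based group.
Write-Host "Users without a Department:"
$users | Where-Object { -not $_.Department } |
    Format-Table Name, DistinguishedName -AutoSize | Out-Host

# Department spellings that differ only by dash type or spacing: a filter
# matches one spelling, so users with the other miss group mail silently.
$users | Where-Object { $_.Department } |
    Group-Object { Get-DepartmentKey $_.Department } |
    ForEach-Object {
        $spellings = @($_.Group | ForEach-Object { $_.Department } | Sort-Object -Unique)
        if ($spellings.Count -gt 1) {
            $shown = [string]::Join(" ", @($spellings | ForEach-Object { "[$_]" }))
            "Inconsistent spellings for '$($_.Name)': $shown"
        }
    }
```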

You run the Exchange 2007 BPA, and get a non-default setting like this one:

BPA Alert


First, I will explain what caused this. You wanted to disable some settings using netsh, namely autotuning level and rss, by entering these commands at the prompt:

netsh in tcp set global autotuninglevel=disabled

This is done for two reasons. First, it speeds up remote desktop connections, which can be really slow. Second, it comes up in the SBS 2008 BPA as a warning and invites you to run up to 4 netsh commands to change the TCP values. Don’t you love how Microsoft tells us to fix one thing while the fix causes another problem? Hum.

Go to this key, and look at the values. They are probably messed up like mine, though some of them can be messed up and not others. Your keepalivetime key might be some high number like the rest, mine is sixty.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Regedit


So now, let’s reverse these settings. These settings are important; you can’t just go into the registry and delete or change the values. Microsoft provides a hotfix that will stop these netsh commands from changing the values. I won’t be running them again, so I do not need the hotfix. Hotfixes and my production server don’t mix well. The hotfix is here.

First, we should restore a backup prior to the change if we have one. I do not, so meh. But I will take this opportunity to MAKE a backup, in case I botch something here. Right click the Parameters folder, and click export. Give it a nice name, like tcpip-param.reg and save it someplace safe. If all else fails we can restore this later.

Microsoft provides a PowerShell script to fix these entries. Let’s see if we can get that to work. Download the script from here. You will have to log in. I’ll download it and host it on WordPress. I assure you this file is safe, but if you are unsure get the one from MS. Here is the ps1 file. I renamed it to a .doc. To change it back, download it and rename it to netshregfix.ps1. Here is the code it contains. You could also make a new text document, paste in the code, and save it as .ps1.

NetshRegFix.doc

# Back up the current TCP/IP parameters to the desktop before changing anything
MD $env:UserProfile\Desktop\TcpIpParametersBackup
REG Export HKLM\System\CurrentControlSet\Services\TcpIp\Parameters $env:UserProfile\Desktop\TcpIpParametersBackup\Backup.Reg

Get-Item "HKLM:\System\CurrentControlSet\Services\TcpIp\Parameters" | ForEach-Object {
    # Set TcpTimedWaitDelay to 60
    Set-ItemProperty -Path $_.pspath -Name "TcpTimedWaitDelay" -value 60 -ErrorAction SilentlyContinue
    # Remove the remaining values; SilentlyContinue skips any that are not present
    Remove-ItemProperty -Path $_.pspath -Name "DisableTaskOffload" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "EnablePMTUBHDetect" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "EnablePMTUDiscovery" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "KeepAliveInterval" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "KeepAliveTime" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "Tcp1323Opts" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "TcpFinWait2Delay" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "TcpMaxDataRetransmissions" -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $_.pspath -Name "TcpUseRFC1122UrgentPointer" -ErrorAction SilentlyContinue
}

# The registry changes only take effect after a restart
Write-Output "You must reboot your server for the changes to take effect"

Save the file to someplace easy to navigate to, I chose C:\. Now open Windows PowerShell. Start>Run> PowerShell.

Type in cd C:\ to navigate to where the file is. If you placed it in another location, go there.

Now type NetshRegFix.ps1

PowerShell Error


*** Before you do this step, scroll down to the next bold, asterisk’d item. You do not need to install this update- though you can if you do not have the PowerShell 2.0 yet. ***

You get an error, as if PowerShell does not even recognize that this is a script. Well, let’s update PowerShell. Go to http://support.microsoft.com/kb/968929 and select your OS. Download the MSU and install it.

It will install a “hotfix”.

Windows Update


Ah crap. Need to restart. So much for doing this during lunch. I’ll do it at 5:30 when everyone is gone.

Restart


*** Continue from here, to complete running the script in PowerShell v1.0. ***

Wait wait. What about just running the script? Go to C:\ and double-click NetshRegFix.ps1. It opens up in Notepad. Let’s open it up in PowerShell.

Click open with, browse for program. Navigate to c:\Windows\system32\windowspowershell\v1.0\ and select powershell.exe.

Now go back to the file and double-click it. A screen flashes- did it complete? To check, go to the registry setting tcp/ip>Parameters. It should look like this:

End Result, Regedit
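Because the double-clicked script window closes before its output can be read, the registry state can also be checked from PowerShell rather than by eye in Regedit. The following read-only check is an added example, not Microsoft's script; the function name `Get-TcpipParameterState` is introduced here, and the value names are taken from the script listing above.

```powershell
# Added example: read-only check of the values that NetshRegFix.ps1 resets.
# Run it before the script to see what will be touched, and again afterwards
# to confirm the result. It changes nothing in the registry.
$key = "HKLM:\System\CurrentControlSet\Services\TcpIp\Parameters"

# Values the script removes, taken from the listing above.
$removed = "DisableTaskOffload", "EnablePMTUBHDetect", "EnablePMTUDiscovery",
           "KeepAliveInterval", "KeepAliveTime", "Tcp1323Opts",
           "TcpFinWait2Delay", "TcpMaxDataRetransmissions",
           "TcpUseRFC1122UrgentPointer"

function Get-TcpipParameterState {
    $props = Get-ItemProperty -Path $key
    foreach ($name in @("TcpTimedWaitDelay") + $removed) {
        # $p is $null when the value does not exist under the key
        $p = $props.PSObject.Properties[$name]
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Name    $name
        $row | Add-Member NoteProperty Present ($null -ne $p)
        $row | Add-Member NoteProperty Data    $(if ($p) { $p.Value })
        $row
    }
}

$state = @(Get-TcpipParameterState)
$state | Format-Table -AutoSize | Out-Host

# State the script leaves behind: TcpTimedWaitDelay = 60, removal list absent.
$leftover = @($state | Where-Object { $_.Present -and $_.Name -ne "TcpTimedWaitDelay" })
$delay    = $state | Where-Object { $_.Name -eq "TcpTimedWaitDelay" }

if ($leftover.Count -eq 0 -and $delay.Data -eq 60) {
    "Parameters match the state the script leaves behind."
} else {
    "Not in the expected state: $($leftover.Count) value(s) from the removal list remain, TcpTimedWaitDelay = $($delay.Data)."
}
```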


You get a non-default setting when you run the Exchange 2007 BPA. It says: Disk timeout on server SOLACESERVER.solace.local is not set at the default of 10 seconds. This is normal if third-party storage software is installed. Current timeout value is 30 seconds.

As the message says, if you use some type of storage software, leave this be. I do not use any of this software, so I want to change it back to default. Not that it might cause damage, but if it shows up here then it is a possibility. As always, make sure you back up and do this on a test server or in mock. I have no test server and I am daring, so I am going to do it during lunch on a Wednesday.

The setting is documented here.

Microsoft tells us to:

To revert to the default configuration
1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

2. Navigate to:

HKLM\System\CurrentControlSet\Services\Disk\TimeOutValue

3. In the right pane, delete the TimeOutValue entry. Alternatively, double-click the TimeOutValue entry and set it to one of the following values:

On a non-clustered server, set the value to 10.

On a clustered server, set the value to 20.

If your hardware manufacturer recommends a different value for either a clustered or non-clustered system, use the value from your hardware manufacturer instead.

4. Close the registry editor, and then restart the computer for the change to take effect.

So let’s do what they tell us. I’ll add some screenshots.

This is what the current registry entry looks like.

Before Change


Double click it. Change to 10. It should look like this now:

After Change


I would like to point out this warning:

Installing host bus adapters (HBA) or other storage controllers can cause this key to be created and configured. When you install or reinstall these drivers, the TimeOutValue registry value is overwritten with the value that is required by those drivers. You may have to contact the hardware vendor to determine the correct TimeOutValue registry value for your configuration.

Read it carefully. I HAVE installed a HBA as well as a storage controller. I looked up the values for my HP Proliant, and they should be at thirty. I will leave this entry alone and safely ignore it from within the BPA.

This informational item appears under the non-default settings tab of the Exchange BPA. This happens when you customize the generation of SMTP addresses. The alert is not dangerous, and you can safely ignore it.

BPA


Let’s see what setting is causing this alert, make sure it is configured correctly, and describe what the setting is doing.

Open up Exchange Management Console and then drill down to Organization Configuration>Hub Transport>E-Mail Address Policies. In my Exchange, I have 2 policies. In a default setup, there will only be one policy (Default Policy), and you will not get this BPA error.

Policies


Let’s explore my added setting, and what it does. I double-click my added policy, which is called Windows SBS Email Address Policy. Alternatively, if you are creating an additional policy, you would click New Email Address Policy in the right menu.

The first page is the name of your policy. This is merely for tracking- name it whatever you want. Under that is the scope of the policy. You can set up policies to apply to only certain aspects of your AD. Mine is set to All Recipient Types (Including user account, room, contact, and equipment addresses).

Introduction


You can further apply conditions. I do not use any but here is a scenario. You have two departments in your company: Sales and Shipping. You have two-handled email domains and they are user@salescompany.com and user@shippingcompany.com. Now when you add a new user to Exchange, you would set the conditions to identify the user’s department. If the user was in Shipping, it would automatically generate the address of username@shippingcompany.com.

Conditions


This would be a waste of time for a small company such as mine that uses one AD container for all departments, but in larger companies this can be valuable- imagine managing email addresses manually when working with 10,000 users over the span of several companies, locations, and departments.

The next page is Email Address Policies- this is where you tell Exchange how to formulate the email addresses. I have mine set to %g.%s@company.org. The %g and %s are variables that the AD uses to identify item characteristics, in this case first and last name. When I add a user John Doe, it generates an email address John.Doe@company.com.

Policy


I could have edited the default policy which would have given me no warning, but I try to never edit defaults. In this case, if there was an error with this portion of Exchange I could delete or disable the policy without affecting email generation.

Another default setting in Exchange is under the email address tab of a user’s properties. Near the bottom there is a ticked box that says Automatically update email address based on recipient email address policy. If this box is ticked, changes here will affect email addresses. So get this setting right, and the addresses will be right as well.

User Properties


Half way down this page is a table of variables and what they mean. If you are an AD guru, I am certain you can also use custom AD attributes in generation.

On the next page, set your time frame- I set mine to immediately. Let Exchange process the command and apply this to your selected recipients, and you are done.

Schedule


You will notice the rule has a priority of 1, while the default has a priority of Lowest. This means that the new or other policy is applied before/instead of the default.

If you have problems with this policy, simply remove it.
