October 2006 Archives

Sometimes you actually want one account to have access to all the mailboxes in a database, on the store, or in an organization. In Exchange 5.5, you could just use the service account; in Exchange 2000 and Exchange 2003, you have to resort to various kinds of tomfoolery. In Exchange 2003, the Domain Admins and Enterprise Admins security groups (and the built-in Administrator account) actually have an explicit deny ACE that prevents you from using these accounts to gain service access. What about Exchange 2007?

Interesting thread over at Ed's blog: he had a Tumi bag that died, Tumi wouldn't replace it, and so Ed posted about his search for a replacement. Two things happened: Tumi saw his post and replaced his bag with a new one, and Briggs & Riley, the brand he was considering as a replacement, contacted him and offered to let him try one of their bags. I love to see this happen, and not because companies send me lots of stuff (I didn't even get one of those crappy phones that Sprint was slinging around with such abandon a few months ago.)

Clearly both Tumi and Briggs & Riley "get it"; they saw a good opportunity to score some positive marketing for their products at relatively low cost. This is a smart strategy, and one which I expect to become a differentiator between savvy companies that understand how to enter into conversations with the broad community and the old school (which normally just shouts at them à la traditional advertising).

(and apologies to all my readers who saw the word "angels" and were expecting a more spiritual contribution!)

Today I powered up and configured the Intel/Eicon PIMG gateway, which links the Mitel 3300 ICP with Exchange 2007. However, this has exposed a major structural problem.

My current office is divided into two halves: in one half, I have a shelving unit that has the 3300, all of my servers, and some related stuff-n-junk (like a KVM switch, an old Dell keyboard, and an ancient 17" CRT). In the other half, I have my main network switch, my phone panel, and my work machines. Both sides are already networked together, but:

• the 3300 can provide Power over Ethernet (PoE) to the Mitel phones, without which they won't work. (Mitel makes a desk sled that powers the phones but I don't have any of those).
• I need to run two analog lines from the phone panel to the 3300, then back again; the ASU in the 3300 will let it answer the analog extensions and do call transfer, forwarding, etc. between the digital and analog lines-- very cool
• I really need a phone on my desk
• The 3300 is way noisier than any other piece of equipment in my office

Thus I get to choose between "lots of cables on the floor" or "unrelenting fan noise". Not a great choice. In a couple of weeks when my upstairs office is finished, the question will be moot, so for now I'm going to leave the 3300 where it is and run one long net cable to it so I can power a desk phone. Analog line integration will have to wait for now.

Technorati Tags: Exchange 2007, Mitel, Unified Messaging

Yes, it’s that time of year again! Even though we haven’t even started the fall 2006 Exchange Connections show, I’m already looking for session proposals for the spring 2007 show (1-4 April in Orlando-- finally, a time that coincides with my kids' spring school break!).

Our goal is to have about 50% coverage of Exchange 2007, Office 2007, and SharePoint 2007 and about 50% on Exchange 2003, Office 2003, and related topics like Live Communications Server, deployment, and security. We're interested in sessions that cover all aspects of Microsoft's communications and collaboration stack: security, development, management, operations, migration, and integration.

If you're interested in speaking, please send me 3-5 short abstracts and a brief speaker bio. I need these by EOD Wednesday, November 1. (Thanks to Nino for correcting the date!)

Technorati Tags: Exchange 2007, ExchConn

Great post at the Exchange team blog covering how server and recipient filtering work in the new Exchange Management Console. Don't confuse this kind of filtering with recipient filtering in the anti-spam stack; same name but two entirely different things.

I've been using Office 2007 since before beta 2, and I've been very pleased with it. The ribbon interface makes Excel usable at long last; Word's new document comparison features rock, and Outlook is a major improvement (the To-Do Bar alone would sell me an upgrade). Unfortunately, I'm starting to work on a project that requires me to use a set of custom content management tools, and they only work with Word 2003. I could always build a VM that has the older version, but that would introduce its own set of complications (like needing another Windows XP license). So, until the tool is updated to work with Word 2007, I'm removing Office 2007 and reinstalling Office 2003 on my two laptops (one's physical, the other's a VM on my MacBook Pro).

I'm a satisfied GoDaddy customer, but I'm a little unhappy with them at the moment. This morning, I tried to buy one of their 6-in-1 SSL certificates. Why? I wanted to be able to use one cert for autodiscover.robichaux.net and mail.robichaux.net. I figured the 6-in-1 would let me do so because the wording on the 6-in-1 order page says you can register up to six matching domains. I figured that they'd allow multiple subject alternative names, which is what I wanted. What they actually mean, though, is that you can register the same domain in up to six different TLDs... not quite the same thing. I really don't want to buy a wildcard cert; I think I'll probably just stick with the self-signed cert if I can't buy an inexpensive cert with multiple subject alternative names.

From Devin, my cow orker:

Windows PowerShell could, with an unfortunate bit of whitespace, becomes "Windows Powers Hell"

Let's be careful out there. (btw, congrats to Devin on his 100th 3Sharp blog post!)

A friend at Microsoft just e-mailed me to ask if I had a brother... named Julian.

You may have been wondering how Microsoft's going to package (or, to verb a useful noun, SKU) SharePoint 2007. The official SharePoint team blog has the answer, sort of. The article links to a nifty spreadsheet that covers the primary differences between SharePoint 2003, SharePoint Server 2007, and the various SKUs of SharePoint 2007. Worth reading if you follow SharePoint as a collaboration technology.

Over at his InfoWorld blog, Dave Rosenberg makes an awfully interesting assertion: Zimbra's well on the way to becoming a billion-dollar business. However, he uses some way faulty math to get there: he takes at face value Zimbra's claim of 4 million paid mailboxes, then multiplies it by the $25/mailbox MSRP to get an annualized revenue of $100 million. From there, hey, it's only an order of magnitude to get to $1 billion, right?

Earlier this year, I moved all my blog content from e2ksecurity.com here. At the time, I followed what I thought were NewsGator's instructions to redirect my RSS feed so that e2ksecurity subscribers would automatically be redirected. Turns out we had a failure to communicate, and those subscribers haven't been seeing updates. However, thanks to the fine folks at NewsGator support we got the problem ironed out: my web server needed to issue a 301 (permanent redirect) for the RSS feed file instead of redirecting everything. So, welcome back!

During Exchange setup, one of the questions you have to answer is whether there are any pre-Outlook 2007 clients in your environment. (I wrote briefly about this before in the context of Office Communicator.) However, do you know what happens when you click "yes" or "no"?

If you click "yes", the setup program will create a public folder database, in which you'll find the familiar Schedule+ Free/Busy and Offline Address Book folders. This shouldn't be a surprise; Outlook 2003 and earlier versions require these folders, so you'd expect Exchange to create them. If you click "no", the public folder database isn't created, so pre-Outlook 2007 versions can't get free/busy data or download the OAB. However, what I didn't know until today is that the Exchange store will also block MAPI connections from older versions of Outlook when you say "no". Why? Because if those clients did connect, they'd have a terrible experience, with no free/busy or OAB support. To reduce the support hassle for themselves and Exchange 2007 admins, MS decided just to block the connection. To fix this, just add a public folder store to your server and voila! you're golden.

I've been busy with a raft of other projects, but yesterday I finally unboxed the Mitel 3300 and the Intel/Eicon/Dialogic gateway and stacked them on my equipment rack. (Disclosure: it's not a rack, it's a shelving unit. Deal with it.)

The 3300 CXI that I have includes a ton of options and optional hardware. I don't know enough about Mitel's product line to distinguish between what's in this box versus what you typically get when you buy one. However, this unit includes the PRI module that you need to talk to the PIMG, and it includes an Analog Support Unit (ASU) for connecting to analog phone lines. It also includes the software entitlements for embedded voice mail, wake-up calls, and a bunch of other nifty features that a) I don't know how to use and b) probably won't be writing about.

I've already done one Exchange 2007 UM deployment for a customer who wanted it set up in their lab. However, now I'm branching out and deploying it again... at my house.

Mitel was kind enough to loan me a 3300 ICP to use as the centerpiece of my system, along with a couple of IP phones (including the verrry cool Navigator). Along with that, I have an Intel PIMG gateway, my trusty Exchange 2007 server, and a large stack of notes and screenshots on how to get everything working together.

Over the next few weeks, I'll be setting everything up and documenting the experience, both here and in a forthcoming e-book on setting up Exchange 2007 UM and Live Communications Server 2005 with Mitel hardware. Stay tuned for more details! (One valuable tidbit: the status lights on the 3300 are supposed to be red during normal operation-- a bit of a change from what we usually expect in hardware!)

I've made some long-overdue changes to the blog layout and categorization. You may or may not have noticed, but:

• the categories are now streamlined to better reflect what's actually in them
• the Google ads from the right sidebar are now gone, since they were basically just an annoyance
• the RSS syndication info in the "about" block of the right sidebar now works
• the monthly archives are gone, replaced by a list of category archives

I still have a number of other things to tweak, but this is a good start.

Wow, I'm not sure how I missed this (but it did end up in my "to blog" folder, so that's something!) The team at Microsoft that covers Notes application coexistence and migration has a really cool example of how Notes can work with Microsoft applications: you can get and show presence information from Communicator within Notes applications! How cool is that?

Chris Haaker has a post that links to three podcasts (1, 2, 3) (or blogcasts, if you prefer) showing Exchange Unified Messaging in action. Eileen Brown, the Microsoft UK evangelist who recorded them, says "the sound quality is terrible" and promises to re-record them. However, they're still a good listen if you haven't heard the UM system before.

The Forefront Security family of products supports using more than one scanning engine at a time. This is a big advantage, since it adds a significant degree of protection against new threats. This support is coordinated through the Forefront Security Engine Manager, which provides administrators with tools for monitoring the status of installed engines, controlling which engines run, and adjusting the actions Forefront takes when an engine needs to be updated or fails during operation.

Forefront can make use to up to five engines at a time. Perhaps coincidentally, the standard edition of Forefront includes five engines:

• The Microsoft antimalware engine, based on technology Microsoft acquired when it purchased GeCAD in 2004
• The Computer Associates (CA) Vet and InoculateIT engines
• The Norman Data Defense engine
• The Sophos Virus Detection engine

If you buy the Exchange Enterprise Client Access License (CAL), you also get to use four additional engines included only with the Enterprise CAL: AhnLabs, Authentium’s Command Antivirus engine, Kaspersky Labs’s engine, and VirusBuster AntiVirus. During installation, Forefront randomly chooses a set of four engines; administrators can use the suggested combination or pick a different set.

In a future post, I'll have a lot more to say about which engine combinations make the most sense for different uses.

If you've used Office Communicator, you may have noticed that it doesn't allow clickable hyperlinks. This is a reasonable decision by MS made to limit the spread of malware that uses IM as a transport, but it's still a pain in the butt for many environments, including us. Doug has the solution: a simple registry change will restore links to full click-a-bility.

This is going to suck: Robert McLaws took Ed Bott's analysis of the new Vista end-user license agreement (EULA) further, claiming that the new Windows Vista bans you from installing some editions of Vista on virtual hardware, including Microsoft's own Virtual PC (and, of course, Parallels). Ed says, "not so". Robert's asked MS for a clarification; we'll see what they come back with.

From this morning's New York Times, a fascinating article on Dr. Brian Wansink, a professor at Cornell who studies food psychology . No, he's not a dietician; he's a marketing professor. He studies factors that influence what, and how much, people eat. Check out his popcorn experiment for a sample of his findings. He also has a new book out, Mindless Eating: Why We Eat More Than We Think, that I'm just ordered from Amazon-- sounds really, really interesting. (Sample: if M&Ms all taste the same, why will people eat more of the colored ones?) (nb. Dr Wansink has a blog, but it's worthless so far.)

Dear Ed,

I've been fortunate to be one of the conference chairs for Exchange Connections for a couple of years now. This year's show will be especially good for several reasons:

• Lots of Exchange 2007 content: some from Microsoft, some from industry experts like Pierre Bijaoui, Kevin Laahs, Devin Ganger, and Jim McBee
• It's co-located with Windows Connections and a host of other DevConnections offerings (including conferences on ASP.NET and mobile devices, two popular topics in the MS world)
• It's in Vegas. Duh.

As a regular reader of (and commenter on) your blog, I know that you're is well-acquainted with Microsoft's marketing and positioning for Exchange. However (and forgive me for saying so) I think you and your readers might benefit if you understood the technology behind Exchange a little better. Heaven knows I see people posting howlers at your site occasionally. Thus this invitation: come join us in Vegas!

Your travel schedule says you're going to be in Alberta. HP and US both have direct flights YEG-LAS for around $200. As conference chair, I'll comp your registration, and you can wander around and talk to people-- attendees and speakers alike-- to get their unvarnished feedback on the good and the bad about Microsoft's 2007 product lineup. It's the same reason MS always sends people to Lotusphere and IBM sends people to TechEd, only with a very different audience and vibe.

Just drop me some e-mail and I'll get your registration processed. Heck, I'll even buy you dinner.

Funny stuff: a long FlyerTalk thread on jokes to play on airline employees.

From the "Only In Toledo" department, news that a recent crash on I-75 was triggered by... a red bra.

Emily Davis, 17, of Bowling Green admitted that it was her bra that broke and later flew from the car’s antenna on Sept. 26 along I-75 in Middleton Township, according to a 24-page state patrol crash report released yesterday. Two Toledo men in a trailing 2006 Dodge Neon were injured when driver James Campbell told troopers he swerved to avoid the flying bra and his car flipped several times in the grass median.

It looks like there will be 3 separate Microsoft Certified Professional (MCP) exams for Exchange 2007; MS is revamping their exams as part of the move from the MCSE to the new Microsoft Certified IT Professional (MCITP) certification. However, they don't seem to have released any more details on the exams, which is a little disappointing given how close we are to the product's launch. Hopefully they'll publish the exam syllabus fairly soon so we can all start studying :)

In my experience, Exchange's message tracking functionality is pretty darn useful. I don't use it often, but when I do, it's a great timesaver. However, the existing Exchange 2003 GUI is a little clunky; sometimes it would be nice to be able to quickly get the status of a message directly from the command line.

Nice to see IBM getting with the program; they've just relaunched the Domino team blog. I hope it focuses on substantive technical information (like the Microsoft Exchange team blog) instead of marketing argumentation; we have enough of that already.

Technorati Tags: Collaboration

Back in May, an attendee at one of my webcasts asked if I could point her to a script for querying mailbox sizes on a set of Exchange servers. I flagged her message to remind me to answer it and (drum roll) am just now getting to that folder of flagged items.

So, the answer is: you can start with this script from Michael B. Smith; it will give you the mailbox size information without touching the last login date on the mailbox. It doesn't constrain output to a range of dates, but that should be a fairly simple addition.

Last night I had a long conversation with my friend Chris Miller about EVDO; he's a Nextel user and is thinking about switching his company's service to another carrier. At the time, my Treo 700w was showing 1xRTT service, as it usually does in the Perrysburg area. This morning, when I was letting the phone sync after being turned off overnight, I noticed that I was now getting an EVDO service icon-- so apparently Verizon has quietly turned on EVDO in at least parts of the Toledo metro area. It may be because I live close to the VZW store at Levis Commons, but I'm not going to complain.

Update: my house is back to 1xRTT, but when I drove into Maumee there's EVDO coverage at least as far north as the corner of Conant and Illinois.

As promised, here's my TechNet Radio segment. I hope you find it as much fun to listen to as I did to record!

WMA file | MP3 file

Well, this is a nice surprise: according to Multichannel News, DirecTV will be adding local-into-local HD service for Toledo (and several other similarly-sized markets) by years' end. I don't have any of the MPEG-4 equipment that would be required to get LIL, and I have a perfectly good HD antenna anyway. Even if I had the equipment, I'd still stick with over-the-air because then I can record it easily, using either Windows Media Center or the El Gato eyeTV HD gadget I just got in the mail. Look for a full review soon... well, OK; "soon" really means "after baseball season is over, or the Tigers are eliminated, whichever comes first".

Still catching up on my blog backlog...

Virtual Server comes in very, very handy at 3Sharp, because much of the work we do involves building VMs for various tasks. However, I've never really cared for its management interface. I'm not a big fan of web-based management interfaces for system management, and the VS interface is kinda blah (though the VMRC client is handy). I just found these two articles describing the PowerShell support that's coming in the next release of Virtual Server. I'm looking forward to being able to better manage VMs using PowerShell, and to tide me over, there are some tasty improvements in Virtual Server 2005 R2 SP1 (but what a terrible product name!)

Technorati Tags: PowerShell

I'm a big fan of Microsoft's "IT Showcase" series, which highlights how Microsoft uses its own technologies (aka "eats its own dog food", or just "dogfoods") to solve business problems. I didn't know they'd expanded the showcase to include podcasts, though. This episode covers some of the key points of Microsoft's spam, virus, and e-mail security infrastructure. Pretty interesting stuff, including a discussion of how they're using Exchange 2007's Edge Transport role as their primary perimeter system.

Microsoft's Walter Stiers posted this on his blog last week, and I'm just now getting around to it. The bottom line: you can get some Microsoft-led online Exchange 2007 training for free by hitting the Exchange learning portal. This is a great deal for IT folks and a good move for MS-- it's often difficult to get training into a budget this late in the year.

I thought competitive eating was a crazy sport, but little did I know that there was something crazier. Check out this video of a competition that revolves around opening beer bottles with a helicopter. I think I'll stick with playing soccer.

I haven't had a chance to try it yet, but this integrated development environment (IDE) for PowerShell looks extremely cool. Having a debugger, syntax highlighting, and Intellisense for PowerShell would be really handy for building, say, a PowerShell version of the cookbook...

It's been a tough two or three weeks here, at least for computer hardware.

First, I flattened my trusty ThinkPad. Ryan Femling, my coworker, says you can easily go two or more years without performance problems on a stable Windows install. He's right; I got just over three years out of the install, but for some reason, the machine had decided that it would permanently disable both its wireless card and its onboard Ethernet port. That made it, if not useless, much less useful. There wasn't anything wrong with the hardware; some combination of Windows patches and software installs/removals apparently whacked the driver. A clean install using IBM's recovery partition certainly fixed things up.

The next weekend, I came back from Michigan to find my only x64 machine (an Athlon 3800+ in an ASUS A8N) was beeping every two or three seconds. All the fans spin up normally, but the machine just sits there and won't POST. I haven't started diagnosing it yet.

Two nights ago, our electrician was here doing some work. He had to take down house power, so I cleanly shut down all my servers. When the power came back on, my primary file server wouldn't boot. After a little troubleshooting, I found that the video card was at fault; after I removed, cleaned, and reseated it, I was back in business. Coincidentally, Windows maven Ed Bott had the same problem two weeks ago, and his post is what reminded me to check the video card first, so I'm passing the tip on.

And another thing, which I originally forgot: I lost a 16-port network switch early Wednesday morning. It was making a cool frying-bacon sound when I came downstairs; this is annoying since it's the link to the ground floor of the house. Until I replace it, no Internet in Arlene's workroom.

Thanks to Technorati, I just found that Walter Glenn has a blog; with characteristic modesty, he hasn't been plugging it anywhere, so I found it through searching for links to my own blog! Walter and I first worked together on an MCSE guide for Exchange 5.5 back in 1998 or so. He's a great guy and knows a ton about Windows and Exchange. His blog is focused on simple tips for making Windows easier to use-- check it out.

I just got off the phone with Chris Avis of Microsoft's TechNet Radio podcast series; we chatted about Exchange 2007, PowerShell, unified messaging, and my lame Xbox 360 skills. The podcast will go live next Tuesday; I'll post a link to it when it's up.

I've gotten several inquiries about how we selected the products we tested in the anti-phishing technology evaluation. That's a fair question; some companies are unhappy that they were included, and some that they weren't.

When we defined the parameters for the testing, we selected the vendors that had either browser-based toolbar add-ons or built-in anti-phishing technology in the browser as of May 2006 and that (in our opinion or by market data) had a significant usage presence. There are dozens of products that meet the first test, but not that many that meet the second. We picked the top 8 based on our understanding of actual usage and deployment. I didn't want to include payware products because the original objective was for us to help Microsoft understand how well IE 7 worked compared to its biggest competitors-- and in this market segment, payware products are at a disadvantage.

Would we have preferred to test all the products? Sure. The team at Carnegie Mellon that did a similar study (with a smaller list of products and a smaller set of URLs) said the same thing. However, we had to draw the line somewhere. When we redo the tests, we'll probably change the product mix around; I'd expect to see Firefox 2.0 included, and maybe some of the commercial products.

To address Symantec's complaint, I'd make two points. First, Norton Confidential wasn't announced until June, so how could we have included it? You're making the Firefox argument. We only tested products that were publicly available at the start of our time period; we excluded Norton Internet Security 2006 because it was commercial (and I suspect that if we'd tested the 2006 version, we'd be hearing that we should've tested the 2007 version instead. Sic transit gloria annual releases...)

Second, it's pretty worthless to have a blog but not allow comments or trackbacks. That's not a blog, it's a monologue. Whatever you think of the quality of Microsoft's products (including IE), you have to admit that they have aggressively embraced blogging as a way to communicate directly with customers-- something I'd like to see more security companies emulate.

Update: fixed the link to McAfee's SiteAdvisor blog.

Technorati Tags: 3sharp, phishing