Recently in UC&C Category

I love using RSS to keep track of various information sources, and I just found out that there's an RSS feed of KB articles for Exchange Server 2010. Use this feed along with your preferred aggregator to keep track of the latest support information for Exchange 2010. (If you don't already know how to use an aggregator, try Google Reader for a quick, easy, and free introduction.)

I had quite a merry chase through the Exchange documentation this morning trying to figure out the best way to explain something.

Exchange 2010 MailTips come in several flavors. You can set MailTips for individual mailboxes using Set-Mailbox, but most MailTips are automatically generated in some way. You can use the Set-OrganizationConfig cmdlet to control several of these generative behaviors, but there are a few quirks.

One type of MailTips come from data that the CAS pulls from queries against the mailbox server. That's how the "recipient out of office" and "recipient mailbox full" MailTips work. As long as the CAS can make RPC queries against the mailbox servers, these MailTips will work just fine.

The "external recipient" and "large audience" MailTips rely on data from the Group Metrics component that runs on the mailbox server. Here's where the quirks start. These MailTips are turned on by default in the organization configuration. If you read this you might get the impression that GM data are generated by every mailbox server in the organization. However, if you run Get-MailboxServer and look at the results, you'll see that the GroupMetricsGenerationEnabled setting defaults to $false.

Where does the GM data come from? That's the rub. Exchange 2010 always generates GM data on the server that generates the OAB, but only if there is an OAB generated. If you use the default Exchange install settings, you'll get GM data even though it may look like GM generation is turned off. On the other hand, if you turn off OAB generation, you get no GM data until you manually enable GM generation. Neither of these behaviors is documented as clearly as it should be. The "Understanding Group Metrics" topic does mention the latter point, but it took some work to find the topic in the first place. If you do what most admins will do and start searching for info on GroupMetricsGenerationEnabled, you're not likely to find it. Hopefully this will be fixed in a forthcoming update to the documentation.

(Thanks to EJ Dyksen, Nate Waddoups, and Robert Gillies of Microsoft for helping figure out what was going on with this stuff.)

Exchange 2010 offers protected voice mail that works roughly like the "mark as private" option that many legacy voicemail systems provide. The difference is that Exchange 2010 uses Active Directory Rights Management Service (AD RMS) to apply restrictions to the message that prevent clients from forwarding it. This gives the same protection as legacy VM systems, which implemented message privacy by keeping VM recipients from forwarding messages.

This is a nifty idea, given that it ties together Exchange UM with AD RMS in a logical way. It has some implications, though, that may not be obvious at first glance.

First, of course, is that you have to use a compatible client to play the voice message. A client that doesn't support AD RMS won't even see that the message has an audio attachment. It just shows up as the familiar "this message is protected with..." text. In this context, "compatible" means Outlook 2007, Outlook 2010, or OWA 2010. There's no Mac client (yet; the forthcoming version of Outlook for Mac is alleged to support AD RMS messages), nor are there mobile clients.

Second, when you play the message, the way you play it may vary according to the policies in effect on your system. The UM mailbox policy defines a setting named "Allow multimedia playback of protected voice messages". When this setting is false (i.e. when it does not allow multimedia playback), users can only play protected voice mail messages through the Exchange Play on Phone mechanism or through Outlook Voice Access (i.e. over the phone), not through the inline media players in Outlook and OWA. This is useful in some contexts to prevent users from playing sensitive messages on their laptop speakers at the coffee shop, at high volume in a cubicle farm, and so on.

Unfortunately, the documentation says this setting is set to false by default… in other words, the default settings (according to the docs) only let you play protected VMs on the phone. In reality, the setting is true by default, so that users can play protected messages back on the phone or through the local media player. In other words, the docs are 100% wrong. I blame this on the fact that the attribute name in the UM mailbox policy is RequireProtectedPlayOnPhone-- the opposite wording. If "require X" is false, that's the same as "allow not-X" being true. So, this is now bugged with the Exchange UE team.

In playing with this feature, I also wasn't able to make Exchange protected voice mail messages show up consistently in Communicator's VM notification system. I think that's because my test machine was using Outlook 2007, in cached mode; the protected VMs didn't show up in its "Voice Mail" search folder either. I'll have to test this some more with an Outlook 2010 machine to see what happens, but my expectation is that Communicator should show protected VMs just like it does normal ones.

We currently have a two-node database availability group (DAG) protecting our mailbox databases. Over the weekend, a person or persons unknown shut down the physical server hosting one of the DAG members. No one, including me, noticed any difference-- all our users continued to work normally.

Failover was completely seamless, and neither our Outlook nor OWA nor mobile users contacted me to complain. I only became aware of the problem when I was troubleshooting our back pressure incident.

Exchange 2010 rocks!

Exchange 2010 back pressure

So, over the weekend my users stopped getting mail from external senders. No one reported it until yesterday; I happened to be in Redmond teaching the MCM Exchange UM course, so I didn't find out about it this morning. A quick check of the queues revealed that there was no mail backing up on any of the Exchange servers, so I sent a few test messages. The test messages never arrived. However, mail from internal users was arriving just fine. "Couldn't be back pressure," I reasoned, "because the server's still accepting connections."

I dug a little deeper and found that our Linux MX host had a ton of queued mail-- all with "4.3.1 insufficient system resources" errors. Of course, that was a dead giveaway. I checked the system event log, found an event 15006 from Saturday night: low disk space had forced Exchange to stop accepting messages. After a little disk fu, the transport service again began accepting messages-- but why was any mail arriving?

It turns out that Exchange 2010 back pressure handling has a major difference from Exchange 2007. In 2007, if disk space or CPU becomes a bottleneck, the transport will stop accepting SMTP connections. In Exchange 2010, it will still accept the connections; it just won't accept the messages. There are also some nuances (explained here). For example, the transport will attempt to keep accepting messages from other Exchange servers unless resources get really, really tight; the first thing it stops doing is accepting messages from external servers.

Exchange 2010 can also throttle the flow of incoming messages as a back pressure reliever, but that's a topic for another day...
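The deferrals described above show up on the relay long before anyone reports missing mail, so they can be watched for there. This is an added example, not part of the original post: it assumes the Linux MX host runs Postfix and logs deliveries in its usual line format (the post does not name the MTA), and every hostname, address and queue ID in the sample log is constructed.

```python
import re

# Constructed sample of Postfix-style delivery lines; hosts, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Oct 10 23:40:01 mx1 postfix/smtp[2290]: 1A2B3C4D5E: to=<alice@example.com>, relay=exch01.example.com[192.0.2.10]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
Oct 10 23:55:12 mx1 postfix/smtp[2291]: 7B2C4D9E10: to=<bob@example.com>, relay=exch01.example.com[192.0.2.10]:25, delay=1.2, dsn=4.3.1, status=deferred (host exch01.example.com[192.0.2.10] said: 452 4.3.1 Insufficient system resources (in reply to MAIL FROM command))
Oct 11 00:25:40 mx1 postfix/smtp[2305]: 7B2C4D9E10: to=<bob@example.com>, relay=exch01.example.com[192.0.2.10]:25, delay=1830, dsn=4.3.1, status=deferred (host exch01.example.com[192.0.2.10] said: 452 4.3.1 Insufficient system resources (in reply to MAIL FROM command))
Oct 11 00:26:02 mx1 postfix/smtp[2306]: 9F00AA1234: to=<carol@example.com>, relay=exch01.example.com[192.0.2.10]:25, delay=0.9, dsn=4.3.1, status=deferred (host exch01.example.com[192.0.2.10] said: 452 4.3.1 Insufficient system resources (in reply to MAIL FROM command))
Oct 11 07:10:00 mx1 postfix/smtp[2400]: 5D5D5D5D5D: to=<dave@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mail.example.net[198.51.100.7]:25: Connection timed out)
Oct 11 08:00:00 mx1 postfix/smtp[2410]: AAAA000001: to=<erin@example.org>, relay=exch03.example.org[192.0.2.30]:25, delay=0.7, dsn=4.3.1, status=deferred (host exch03.example.org[192.0.2.30] said: 452 4.3.1 Insufficient system resources (in reply to MAIL FROM command))
Oct 11 08:05:00 mx1 postfix/smtp[2411]: AAAA000002: to=<frank@example.org>, relay=exch03.example.org[192.0.2.30]:25, delay=0.6, dsn=4.3.1, status=deferred (host exch03.example.org[192.0.2.30] said: 452 4.3.1 Insufficient system resources (in reply to MAIL FROM command))
Oct 12 09:02:11 mx1 postfix/smtp[2500]: 7B2C4D9E10: to=<bob@example.com>, relay=exch01.example.com[192.0.2.10]:25, delay=119000, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

# One delivery attempt: queue ID, next-hop relay, DSN code, status, and the remote reply text.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]:\s(?P<qid>[0-9A-F]+):\s.*?"
    r"relay=(?P<relay>[^\[,\s]+).*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+),\sstatus=(?P<status>\w+)\s\((?P<detail>.*)\)\s*$"
)


def backpressure_status(lines):
    """Group 4.3.1 'insufficient system resources' deferrals by next-hop relay.

    A relay is 'active' while its most recent matching event is a deferral and
    'recovered' once a later delivery to the same relay succeeds.
    """
    relays = {}
    for lineno, line in enumerate(lines, 1):
        m = DELIVERY.search(line)
        if not m:
            continue
        relay = m["relay"]
        is_backpressure = (
            m["status"] == "deferred"
            and m["dsn"] == "4.3.1"
            and "insufficient system resources" in m["detail"].lower()
        )
        if is_backpressure:
            entry = relays.setdefault(
                relay, {"queue_ids": set(), "attempts": 0, "first_line": lineno}
            )
            entry["queue_ids"].add(m["qid"])  # retries reuse the queue ID
            entry["attempts"] += 1
            entry["last_line"] = lineno
            entry["state"] = "active"
        elif m["status"] == "sent" and relay in relays:
            relays[relay]["state"] = "recovered"
    return {
        relay: {
            "messages": len(e["queue_ids"]),
            "attempts": e["attempts"],
            "first_line": e["first_line"],
            "last_line": e["last_line"],
            "state": e["state"],
        }
        for relay, e in relays.items()
    }


if __name__ == "__main__":
    for relay, info in backpressure_status(SAMPLE_LOG.splitlines()).items():
        print(relay, info)
```

Counting distinct queue IDs rather than log lines keeps retry attempts from inflating the number of affected messages, and unrelated deferrals such as connection timeouts are ignored.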

Now this is a neat idea; I wish I'd thought of it.

Microsoft's released the Exchange 2010 Deployment Assistant, a web site that interviews you about what your deployment plans are and then assembles a customized subset of the Exchange 2010 documentation for you.

You start by indicating whether you're moving from an existing deployment (either 2003, 2007, or mixed) or creating a new one. Once you've done that, you answer questions (such as "will you be using public folders?" or "do you plan to deploy unified messaging?"), and you get a checklist like this one:

[Screenshot: sample Deployment Assistant checklist]

The tool is clearly still in the early stages of development; it only includes content for upgrading from pure Exchange 2003 environments. However, it's an improvement over the old deployment wizard in two major ways. First, it's more highly customized for your particular migration plans. Second, it gives you a single point of access to everything you need to know about a particular topic (like installing a mailbox server).

I'm looking forward to seeing how the product group improves the tool in future releases. Check it out and you'll see what I mean.

There's been quite an active thread among Exchange MVPs and TAP participants about the implementation of a new feature: the Exchange 2010 Organizational Health Check. It turns out that this new feature has a problem that makes it even harder than usual to decipher Microsoft's licensing requirements.

Quick recap: Exchange 2007 introduced the idea of the Enterprise client access license (ECAL) for Exchange (though the introduction was not without hiccups). The ECAL is an additional license that you had to buy in order to use certain features, like unified messaging or the enhanced Exchange ActiveSync policies. ECALs are additive, so you must buy both a standard CAL and an ECAL for every user that needs one of the premium features.

Exchange 2010 retains the same edition and ECAL structure that Exchange 2007 had. That's fine and good. Exchange 2010 also adds a new feature, the Organizational Health view (see Figure 31 here). This view is supposed to summarize how many CALs you have versus how many you need to have...

...except that it gets the comparison wrong. If you have N mailboxes, the Organizational Health view will tell you that you need N ECALs, even if you don't.

How did this happen? In this particular case, it's down to Exchange ActiveSync policies. When you install Exchange 2007 or Exchange 2010, you get a default Exchange ActiveSync device policy. This default policy enables (or, more precisely, does not block) all the features on the device. Here's what it looks like:

[Screenshot: the default Exchange ActiveSync policy settings]

The text block at the bottom of the option list helpfully tells you that changing any of these checkboxes--in other words, blocking any feature that would otherwise be enabled--requires an ECAL. That's because by changing these settings you are defining an advanced EAS policy. Fine; that's the way it was in Exchange 2007 too.

The difference is that whoever wrote the Organizational Health view apparently didn't know this, so it tallies up 1 ECAL per defined user--even if that user doesn't have an Exchange ActiveSync device, or if you haven't changed the policy settings. Therein lies the bug. The data displayed in this view comes from the Exchange Best Practices Analyzer tool, but I believe that it correctly counts CALs and ECALs in its current incarnation.

The bug led one prominent MVP to say that the "entire counting process is screwed up and useless," which is hard to disagree with in this case--but it gets worse. Unified Messaging is another feature that requires the ECAL. However, the Organizational Health view ignores UM-enabled users, so changing the UM enablement state of your users doesn't change the number of ECALs that it thinks you need.

Fortunately, Exchange doesn't actually enforce any of these restrictions. The license may require you to buy ECALs for particular users, but Exchange won't stop working (or even degrade its functionality) if you don't do so. You can use this script to estimate your CAL and ECAL requirements (it hasn't been updated for Exchange 2010 yet, but it should be soon). However, I wouldn't recommend making licensing decisions based on the Organizational Health view at this point in time.

From the "man, I can't believe I haven't written about this yet" file…

Exchange Unified Messaging can make phone calls. (OK, OK; I did know that much!) For example, when you call in to Outlook Voice Access, you can ask Exchange to place a call to someone who's in your personal Contacts folder, or in your organization's GAL. It turns out that you can harness this feature by writing code to have Exchange UM place calls for you… sort of.

"How does it work?" you ask. Good question. It's the same as the mechanism that Exchange uses to route calls through an auto-attendant. Let's say that Alice calls the main number at Contoso. Alice's device connects to the PSTN, which routes the call to the Contoso PBX (or OCS server, whichever; it doesn't matter for our purposes).

The PBX sees the inbound call, consults its call coverage map, and sends the call to Exchange, which answers it and triggers the auto-attendant. If Alice requests Bob's extension (or does anything else that requires the attendant to route the call, as opposed to just playing prompts and recording responses), Exchange will make a SIP request to the PBX asking that the call be transferred.

It turns out that Play on Phone uses the same trick. In fact, there are several other cool things you can do with the UM web service: play messages, reset user PINs, and play greeting messages among other things. This article has a summary of the things you can do, along with some (.NET Framework-based) code showing how to do raw SOAP calls and to use them to connect to the UM service. (There's sample code for using the web service here, too, if you're the coding sort.)

The article, sadly, doesn't mention the power of Autodiscover, which is what you can and should use to find which UM service a given user should be connecting to. Regular users of Exchange Web Services already know that, however.

It's too bad that you can't use this feature to place a call to an arbitrary number and play whatever content you want (although that would be easy to do with Speech Server). Still, it's a useful capability; I'd love to see an iPhone app that would tell the Exchange server to Play-on-Phone all my voice mail messages.

Here's an executive summary of the way Apple handles multi-part messages in Snow Leopard’s Mail.app.

Here's the problem. Say that you use Mail.app to compose a message that has some text, then an inline image (or PDF; doesn't matter), then some more text. What you'd probably expect is that it would display properly in Outlook, OWA, and other non-Apple mail clients. What you get instead is rubbish.

It turns out there are two ways to construct a MIME message with multiple parts, and at least two ways to put them back together again. Exchange and Outlook use one method: the messages they generate are tagged as MIME multipart/related, and inline attachments are referenced as separate parts. The body text for the entire message is one contiguous block, with "cid:XXXX" references to the inline items. Outlook or OWA are responsible for rendering the inline images.

Apple Mail uses the other method: inline attachments are tagged with "content-disposition:inline". Any blocks of content after an inline attachment are created as separate message parts. The client is responsible not only for rendering the inline images, but also for taking any additional attachments and putting them inline.
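The two layouts are easier to compare side by side. This is an added example, not code from the original post: it builds one message in each style with Python's standard `email` package and then classifies them; the addresses, file name and image bytes are constructed, and showing only the first text part as the body is a simplified model of a client that expects the multipart/related layout.

```python
import re
from email import message_from_bytes, policy
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed placeholder bytes standing in for a picture (not a real image).
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
CID_REF = re.compile(r"cid:([^\"'>\s]+)", re.IGNORECASE)


def build_related_style() -> bytes:
    """One contiguous HTML body; the image is a sibling part referenced by cid:."""
    root = MIMEMultipart("related")
    root["Subject"] = "cheese (multipart/related)"
    html = ('<p>Text above the picture</p>'
            '<img src="cid:pic1@example.invalid">'
            '<p>Text below the picture</p>')
    root.attach(MIMEText(html, "html"))
    img = MIMEImage(FAKE_PNG, _subtype="png")
    img["Content-ID"] = "<pic1@example.invalid>"
    root.attach(img)
    return root.as_bytes()


def build_interleaved_style() -> bytes:
    """Text, an inline-disposition image, then the remaining text as a new part."""
    root = MIMEMultipart("mixed")
    root["Subject"] = "cheese (content-disposition: inline)"
    root.attach(MIMEText("Text above the picture\n", "plain"))
    img = MIMEImage(FAKE_PNG, _subtype="png")
    img.add_header("Content-Disposition", "inline", filename="lolcat.png")
    root.attach(img)
    root.attach(MIMEText("Text below the picture\n", "plain"))
    return root.as_bytes()


def analyze(raw: bytes) -> dict:
    """Classify the layout and report which text falls outside the first body part."""
    msg = message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    text_idx = [i for i, p in enumerate(leaves)
                if p.get_content_maintype() == "text"]
    texts = [leaves[i].get_content() for i in text_idx]
    cids = {str(p["Content-ID"]).strip("<> ") for p in leaves if p["Content-ID"]}
    refs = {ref for body in texts for ref in CID_REF.findall(body)}

    # A non-text part marked inline that sits between two text parts.
    inline_between = len(text_idx) > 1 and any(
        leaves[i].get_content_disposition() == "inline"
        for i in range(text_idx[0] + 1, text_idx[-1])
        if leaves[i].get_content_maintype() != "text"
    )
    if msg.get_content_type() == "multipart/related" and refs and refs <= cids:
        layout = "related-cid"
    elif inline_between:
        layout = "interleaved-inline"
    else:
        layout = "other"
    return {
        "layout": layout,
        "text_parts": len(texts),
        "first_text": texts[0] if texts else "",
        "orphaned_text": texts[1:],  # text that is not part of the first body
    }


if __name__ == "__main__":
    for build in (build_related_style, build_interleaved_style):
        print(analyze(build()))
```

In the interleaved message the text below the picture is a separate leaf part, which is why it does not appear in a body view that renders a single text part.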

What does that actually mean? Say you compose a message. The image on the right shows what it looks like when you send it. The image on the left shows what it looks like to the recipient. You'll have to click on the thumbnails to get the full versions, but you can see what I’m talking about: the Outlook user gets no cheese, no lolcat, and no text below the picture—at least not without clicking on them.

[Screenshots: the message as composed in Mail.app, and the same message as the recipient sees it]

Now, perhaps I'm being too harsh by saying that Apple’s doing it "wrong". I mean, can't we all just get along?

In this case, no, Apple is doing it wrong. One of the major features in Snow Leopard Mail was supposed to be Exchange compatibility. If you produce messages that Exchange clients can't read, well, that's not very compatible, now is it? There are tons of complaints about this on Apple's discussion forums, mostly centering around Mail's inability to read voice mail messages from Vonage-- so it's not just Exchange users who are being bitten by this.

For another day: how I used the ever-useful pickup directory to figure out exactly what the problem was.

Exchange 2010 has a daunting list of prerequisites. Although the installer is pretty good about catching missing items, it's a hassle to start an install, wait a few minutes, and then notice it complaining that you're missing a required component or hotfix. This problem is made worse by the fact that there are slightly different prerequisites for some server roles on some operating systems.

Fellow Exchange MVP Dejan Foro has a great solution: a pair of scripts that automate the installation of the prerequisites for you. You still have to download them all, but the script takes care of installing the right bits in the right places at the right times. I particularly like the "turbo" script, which just slams the prerequisites into place without asking you any annoying questions. Check the scripts out—I think you’ll like them.

Great news from Michael Atalla on the Exchange team blog: the release candidate for Exchange 2010 is now available for download. The RC is feature complete, meaning that everything that will be in the final build has been implemented, though there may still be bugs. I can say that based on my experience with Exchange 2010 in the TAP, and as a user of the Outlook Live service, it's pretty darn solid. Check it out!

Big news on the Mac e-mail front.

First, Microsoft has released the Exchange Web Services (EWS) edition of Entourage, which you may remember from back in January. If you've been using the beta version, you will almost certainly be pleased with the vast improvements in sync speed since the beta. MS has also fixed a number of annoying sync bugs. Remember, the EWS version requires that you have Exchange 2007 SP1 with update rollup (UR) UR4 or later.

Next, MS announced today that the next version of Mac Office will contain... not Entourage but Outlook for the Mac. They have not yet announced the exact details of what "Outlook" means in the Mac context (except to say that it includes support for AD RMS), but the Entourage Outlook for Mac team is well aware of the major features that Outlook for Windows has, and based on my discussions with them I am pretty optimistic about what we'll see in the next version.

Neato! I just got mail from Greg Taylor, head of the MCM: Exchange program. They're offering a $3,550 discount on the upcoming Exchange 2007 rotation (September 21-October 10). Register here to get the discount. Disclaimer: I teach the UM portion of the MCM class, and Greg's offering instructors a bounty for new registrants, so I benefit directly when people sign up. However, the training is so good that you should disregard my interests altogether and sign up anyway. (If you do, please drop me an e-mail to let me know!)

Ethan McConnell has a long post on the Exchange team blog covering how to set up the Windows Mobile emulators for testing various Exchange features. Early last month he snuck in an update: a link to the Windows Mobile 6.5 emulator images. If you're interested in the differences between WM 6.1 and 6.5, this is probably the best way to satisfy your curiosity for the time being; I don't think there are any actual WM 6.5 devices shipping yet.

From the "you learn something new every day, whether you want to or not" file: there's an IIS extension that lets you do URL rewriting. Chris Lehr has a blog post explaining how to use it to send users to the correct OWA virtual directory no matter what (or almost no matter what) URL they enter. This is a lot cleaner than the other methods I've seen described in the past.

Microsoft's Dave Howe posted a great tip to his blog: how to allow users to send voicemail messages to multiple users. This is often called "broadcast" or "distribution" voicemail, because the sender specifies a single address that expands into multiple recipients-- just like a conventional distribution group in Exchange. The process is pretty straightforward: you create a new AD distribution group for the target recipients, update the UM grammar files that Exchange UM uses for speech recognition, and start sending messages.

You may have heard that Exchange 2010 won't support inbound fax. I have yet to find an Exchange 2007 deployment that actually uses Exchange UM faxing for one simple reason: it's inbound-only. If you have to do all the work of deploying an outbound fax solution anyway, the value of inbound fax support in Exchange UM is quite a bit lower.

Exchange 2010 won't create fax messages itself. However, there's a twist: you can outsource your fax over IP (FoIP) capabilities. Exchange 2010 will honor any existing Exchange 2007 UM fax configuration properties, and it will continue to recognize fax CNG tones. However, instead of answering the call itself, UM will look at a new configuration property defined on UM mailbox policy objects: FaxServerURI. If this property exists, UM will try to hand off the call to the specified fax solution. The external fax solution will establish a fax media session with the sender, create a fax message, and send it to the UM-enabled user’s mailbox.

Messages created by this approach will look basically just like Exchange 2007 UM fax messages, and they'll appear in the Fax search folder just as existing messages do.

The foregoing discussion might lead you to wonder who's going to offer FoIP services that work with Exchange 2010. I haven't seen a list yet. However, Concord Technologies sent out a press release at the Worldwide Partner Conference touting the fact that they'd be offering an Exchange 2010-compatible solution, so I guess we can count them in.

Back in May I wrote about meeting forward notifications and how Exchange 2007 processes them. This feature is largely unchanged in Exchange 2010, with one very nice exception. In the new OWA options interface, the Calendar tab sports a checkbox labeled "Delete notifications about forwarded meetings". If you check it, that has the same effect as running Set-MailboxCalendarSettings -RemoveForwardedMeetingNotifications $true on your mailbox.

[Screenshot: the Calendar tab in the OWA options interface]

Z-Push considered harmful

So Devin posted about Z-Push, the cool-sounding open-source implementation of Microsoft's Exchange ActiveSync (EAS) protocol. Here's the problem: the Z-Push folks kinda forgot to buy a license for EAS, and I have a problem with that. After years of complaints that Microsoft wasn't being open and sharing its protocols, they started to document the behavior of their protocols and offer some of them for licensing, EAS included. That's good, right? It's good enough for Apple, Google, and the many other companies that licensed EAS, anyway. However, apparently Zarafa wanted the benefit of Microsoft's labors without being willing to pay for it, so they built their own implementation. I don't think that's fair, and I don't think the technical coolness of Z-Push should obscure the fact that Zarafa is stealing something that isn't theirs.

This is what I said in 2002:

Hey, Linux guys: if you want to beat Microsoft, do it by making something better, not by copying their investment.

What happened to Lemonade? How about Funambol? It's not as though the FOSS world lacks for sync protocols; they just decided that Microsoft's commercially successful, fully licensable protocol would better suit their needs, so they took it. It boggles the mind. It would be one thing if the protocol were fully open to all implementers, but it's not. If you don't like the licensing terms, build your own protocol-- that's not hard to understand, is it?

From the I-had-no-idea-this-existed department: Microsoft has a downloadable Lotus Notes plugin that provides integrated support for scheduling Live Meeting sessions and meetings hosted by OCS 2007. (It doesn't yet support OCS 2007 R2, sad to say.)

Craig Roth has a great blog post up on e-mail overload and how "attention management" technologies can help reduce the burden on us puny humans. I thought I'd take a stab at describing how Outlook, Entourage, and Exchange 2010 implement attention management technologies. (You'll probably want to refer to this map as you read the below points). I've taken Craig's bulleted list and added notes about how Exchange + Outlook support (or don't support) each proposed attention management feature.

  • Scheduled delivery: Outlook and Exchange have supported scheduled sending for some time; you can schedule a message to be sent "not before" a certain time, or just in the next send/receive. However, there's no built-in way to schedule receiving. This would be fairly simple to implement via an Outlook plugin (or Entourage AppleScript) that switches the client to offline mode until it's time to pick up new mail.
  • Maintain whitelists to bypass blocks and delays: this would be tricky to implement if scheduled delivery were implemented using my crude method of going offline, and I'm not sure how useful it would be anyway.
  • “Move to discussion” greys out “reply”: A "move to discussion" feature would be a great addition to Outlook, and (from Microsoft's perspective) would be desirable as a way to drive people to SharePoint.
  • Automated routing and prioritizing: this is a wicked-hard problem. Microsoft's solving it by letting you build workflows that manage e-mail, so that organizations can build workflows to handle incoming e-mail, IM, and voice traffic according to whatever rules make sense. This isn't really an end-user-targeted capability, though.
  • Un-bury turning off or freezing of “toasts”: I prefer to work with toasts turned off altogether, but I understand that some people want them. Craig's right, though, that it should be easier to toggle this functionality. One easy thing for Microsoft to do would be to integrate "do not disturb" mode in Communicator with the Outlook equivalent. This already sort-of-works (e.g. during a full-screen PowerPoint presentation you don't get toasts) but it could be made better.
  • Enable e-mail hyperlinking: does anyone remember the Exchange 2000 Web Storage System? Every item in the store had its own uniquely addressable URL, but this turned out to be pretty much useless in the real world. This is less an attention management issue than an e-mail data management issue; there's little storage penalty to forwarding messages once they already exist.
  • Enable role-based profiles: Craig's idea is to provide a mechanism for defining standard profiles that control attention-related policies. Based on my experience, I think this would go over poorly, as most executives insist on having highly personalized workspaces. Regardless of what I think, though, Microsoft doesn't provide a way to do this at present.
  • Enable sender tagged e-mails: this is one area where the tools available in Outlook and Exchange far outpace their actual use. I need to do a separate post on message classifications, retention tags, and all the other sender-tagging goodness.
  • Stop attachment abuse: Outlook already supports sending documents to a document workspace or shared library, although this feature is buried somewhat (and Entourage doesn't have it at all, sadly).
  • Presence-enable recipient lists: Outlook already does this, in spades. The below picture shows a number of Outlook's built-in presence capabilities, including automatic display of presence icons for presence-enabled users, enhanced status (like "away for XXX" or out-of-office messages), and click-to-communicate with multiple communications modes.
    [Screenshot: Outlook's built-in presence capabilities]
  • Enable group-based rules: Exchange and Outlook don't currently do this, although you can simulate some aspects of it with query-based distribution groups. Honestly, though, this strikes me as only marginally useful; I'd probably rank it close to last in terms of which features I'd rather see first.
  • Turn e-mail into generic small-content tool: Not a bad idea, although I think you could use a much lighter-weight tool like the excellent Windows Live Writer to do this more easily.
  • Manage multiple inboxes: this is a tremendously useful feature of Entourage, which has long supported multiple Exchange accounts. Outlook 2010 is reported to support multiple Exchange accounts too; I'll post a more detailed article on this once Microsoft releases publicly-available bits.
  • Provide inbox analytics: this sounds like the kind of cool but not-very-practical feature that analysts love :) I'm willing to be convinced otherwise, but it's not clear to me that having analytical data is actually going to change anyone's use or misuse of e-mail.
  • Token systems: see previous bullet. What if you run out of tokens? Do you just quit work for the rest of the day?
  • Remind sender if no reply: I have to do this manually, either through CRM or a manual task, so I'd love a button that would automatically create a task to remind me to follow up if no reply is received by a certain date. This would be simple to script in either Entourage or Outlook.

There are a couple of Outlook and Exchange features that Craig didn't mention that I think fit into his taxonomy. Chief among them is the new "Ignore" functionality in Outlook 2010 and OWA 2010; when you ignore a thread, the client silently creates a server-side rule to automatically delete messages in the same conversation, so that you just don't see them. (An alternate name for this feature, the "mute button", better describes it IMHO). It will be interesting to see whether Microsoft makes a move to include more attention management functionality in future versions of Office and Exchange. I bet they will, given MSR's investment in this research area, but we'll have to wait for Office/Exchange v.Next to see for sure.

[ Updated on 23 June 2009 to fix a couple of mistakes and add a few new tidbits ]

Last summer I wrote a post about the utility of the iPhone 2.0 as an e-mail device for people, like me, who are heavy e-mail users. Now that the 3.0 release of the iPhone OS is upon us, I wanted to post an update to see what Apple's fixed, or not, from the original complaints. I had hoped to get some hands-on time with a Palm Pre as well, but haven't quite made it there yet. However, I have spent some time using the version of Outlook Mobile from Windows Mobile 6.5, so that's now my baseline standard for comparison.

Executive summary: Apple invested a ton of time in the 3.0 release, but most of it went to other aspects of the OS, not into the messaging and calendaring experience.

Policy and account control

I didn't spot any changes here. The big one I was hoping for was the ability to create and manage multiple Exchange ActiveSync accounts. Sadly, Apple didn't include this. The extended policies in EAS version 12 (like forced disablement of the camera or Bluetooth) still aren't supported. You still can't install your own certificates, either.

[Update]: As Chris Haaker pointed out in the comments, you can indeed disable the camera using Exchange 2007 EAS; for a complete list of the policies 3.0 supports, see this doc at Apple's site; and, of course, you can install your own certs by e-mailing them to the device, using the over-the-air configuration utility, or distributing profiles with the utility. In addition, Apple improved certificate support quite a bit: 3.0 adds the ability to provide client certs for authentication, and it now uses OCSP for checking certificate validity online instead of depending on static CRLs.

E-mail

In my initial review, I started with basic e-mail operations. These are essentially unchanged: the look and feel of the Mail application is identical to the 2.0 version for the most part. The annoying automatic expansion of EVERY SINGLE FOLDER YOU HAVE is still there. You still cannot delete messages while the iPhone is offline. Instead of fixing this issue, Apple has chosen to deactivate the "delete" icon on the message toolbar. However, when you're in the message list view, you can still use the swipe-to-delete gesture, or the Edit button, to delete a message... and then you get the same error that the message can't be moved to the trash. Fail.

You can queue replies or forwards while offline, which is a welcome improvement.

One area where Windows Mobile 6.5 really shines in comparison to the iPhone is in the new conversation view for e-mail. There are a number of other WM 6.5 mail improvements that I won't cover here; suffice to say that the new Outlook Mobile extends Microsoft's lead by providing a better pro-level e-mail experience than the iPhone 3.0 does. Apple could definitely improve things just by using the correct EAS verbs for reply and forward, though, which they still don't do.

Oh, that bug with not properly sending IMAP EXPUNGE commands to remove deleted messages: still there. I guess Apple thinks it's a feature.

Calendar

If you didn't like the iPhone 2.0 calendaring experience, you won't find much to change your mind here. You can now create meeting invitations for your Exchange calendar (but not for your MobileMe calendar, a baffling omission given that MobileMe is marketed as a service useful for families). I am hopeful that the forthcoming Exchange support in Apple's Snow Leopard OS will force Apple to make iCal more useful, and that those changes will ripple out to the iPhone. Until then, though, Windows Mobile still kills the iPhone in calendaring usability.

Speaking of usability: since my original review I found a few more annoyances:

  • Meeting cancellation notices show up on your calendar as "Canceled:whatever"; there's no way for you to use the cancellation notice to remove the event.
  • If you receive an invitation on the device, then accept it from the desktop or OWA, it will still show up in the calendar app as a pending invite until you try to open it.
  • You still can't see .ics files that arrive in IMAP-connected Exchange accounts. Fortunately, Exchange 2010 includes an OWA link in meeting invites, so you can click the link to jump into OWA and accept the invitation there.

[Update] One nice addition that I forgot to mention: when you get an invitation, you can see where it falls on your calendar, and there's a new disclosure chevron next to meetings you create that lets you view the status of the invitees (provided you're using Exchange 2007).


Tasks

Nope. This is another promised Snow Leopard feature that will hopefully make an appearance on the iPhone at some point. In the meantime, I've been using imTasks, which works flawlessly with all of my Exchange accounts. I also tried TaskTask, which has a somewhat nicer interface but which hasn't worked very well for me.

Contacts

Steve Foskett summarizes this better than I could. Bottom line: it's like the Mac OS X Address Book in your pocket, with all the good and bad that entails. No support for contact public folders, no way to add a GAL contact to your own contact list, and a 100% chance of getting duplicates if you use Entourage + Sync Services to sync contacts to the device through MobileMe.

New iPhone 3GS features [UPDATE]

Apple says that the 3GS has "hardware encryption". It's not really clear exactly what this means. In the enterprise deployment guide, This blog entry suggests that remote wipe is so much faster on the 3GS because it's essentially a decommissioning operation-- erase the master encryption key for the device and you've effectively erased all its data. I haven't seen any confirmation of that, though, and it's not clear what other value there is to encrypting data on the device given that apps are sandboxed and there's effectively no external storage. (You also can't force encryption on with EAS, as you can on Windows Mobile).

I mentioned this during my TechEd session (which, btw, will also be the topic of a TechNet webcast in August), but I forgot to link to it. There's a pretty good white paper available explaining the ins and outs of virtualizing OCS 2007 R2. In skimming it I was surprised to find that Microsoft doesn't support virtualizing the update server; I'll have a more in-depth analysis once I have a chance to read it more thoroughly.

TechEd, days 2 and 3

Tuesday, day 2 at TechEd, was one of the busiest days I've had in a while. I spent part of the morning preparing for my afternoon Interactive Theater session on Microsoft's Business Productivity Online offering, then worked a three-hour booth shift, this time in the Protection and Compliance booth. I was a little surprised with the number of questions that centered on Active Directory Rights Management Services; lots of people wanted to know more about Outlook protection rules (the new feature that lets you push a policy to Outlook clients that requires them to apply specific RMS templates to certain messages) and transport rules for RMS application. We also had a few archiving and cross-mailbox-search questions too, although not as many as I expected going in.

In the afternoon, I held UNC01-INT, a live demo and chalk talk on the Business Productivity Online suite. It was fairly well attended; I'd guess that there were about 40 people in the room. Thankfully my demos all went well; I showed the Microsoft Online Customer Portal, which you use for signup, billing, and so on, as well as the "my company" portal and the BPO single-sign-on agent. For the web-based portions of the demo, I used Windows 7 RC with IE8, and it performed flawlessly-- a good sign for the stability and utility of the release version.

The Business Productivity Online team scheduled a thank-you dinner at Ciudad for the people who spoke on BPO topics, and they were kind enough to invite me to join them. At my end of the table, I had a former commercial fisherman who was born and raised in Alaska, a man who worked two summers in college as a commercial fisherman in Alaska, and an avid fisherman from Seattle. You can probably guess what we talked about!

Wednesday was the big enchilada: UNC304, my talk on OCS deployment and management. However, before I could do that session, I had another turn of booth duty, this time in the deployment and management booth. I could distill the bulk of the questions I got into two individual queries: Is it true that you can do online mailbox moves in Exchange 2010, and if I'm using Exchange 2003 right now, should I move to Exchange 2007 or Exchange 2010? These were popular enough questions that I'm working on separate posts for them.

The session itself went well, although I was in one of the cavernous 600-seat rooms, so it felt kind of empty. I demoed the OCS 2007 R2 topology planning tool and showed some screen shots of the new device management console (having neglected to bring a real device with me to manage!) Afterwards I got into a long discussion with some folks from the University of Florida about how their helpdesk might use OCS, plus I met Tyler Regas for the first time face-to-face. Following the session, I had to duck out and grab a taxi to the airport to catch my flight home.

One post-show update: in UNC304, I mentioned the client interoperability matrix for using multiple points of presence, or MPOP. Microsoft's Peter Schmatz was kind enough to send along an updated link to the most recent matrix; it's here.

TechEd, day 1

Monday was my first full day of TechEd. It was pretty uneventful; I worked a shift in the Technical Learning Center at the "Anywhere Access" booth, along with Microsoft's Adam Glick. We got quite a few questions about general Exchange 2010 features, but not that many that were specific to the booth area. (This pattern would prove to repeat itself over the next few days). After my booth shift was over, I attended some MVP deep-dive technical sessions that Robin Martin-Emerson, our MVP lead, had arranged with the product team. The most interesting one to me was the one that covered the detailed process of moving from on-premises Exchange to the Exchange Online service. I'll have more to say about that in a future post.

After the MVP sessions ended, I went back to the hotel and did some preparation work for my sessions, and went to an MVP dinner with Rajesh Jha (Microsoft's corporate VP in charge of Exchange) and a number of members of his team. Dinner was good (the Palm is supposedly famous as a celebrity hangout), but the conversation was better-- we had a number of spirited conversations about topics as diverse as mixed martial arts, baseball, and LA traffic. All in all, a pretty good day; the cab ride home (six MVPs, one cab) was a great finish.

I can't believe I forgot to mention this before, but there's an extremely cool new feature in Exchange 2010's unified messaging engine. Exchange 2007 supported three different audio codecs for UM: WMA, GSM 06.10, and GSM G.711. You could pick a codec for individual users, but that wasn't a great solution for non-Windows Mobile devices.

Exchange 2010 changes this support; it now comes with MP3 support, and MP3 is the default codec used for voice messages. This greatly improves the experience of working with voice messages by making them easier to open and manage. Try it, you'll like it!

Exchange 2007 has a nifty feature that can nonetheless be annoying: it generates tattle-tale messages that tell you when someone forwards a meeting notification. Say that Alice schedules a meeting with Bob, and Bob forwards the invite to Carol. When Exchange sees the forward, it generates a notification in Alice's Inbox. (Or, in this case, Paul schedules a meeting with Anup, who forwards it to James).


One problem with this feature: you can't turn it off! I'm not sure why the Exchange team designed things this way, but they did. However, there are two mitigations.

You can prevent Exchange from sending the messages to external domains with the Set-RemoteDomain cmdlet (Set-RemoteDomain -MeetingForwardNotificationEnabled $false will do the trick). This allows you to avoid spamming your correspondents with notifications when you forward a meeting invite internally.

You can also force Exchange to automatically move a user's meeting forward notifications to her Deleted Items folder with Set-MailboxCalendarSettings -RemoveForwardedMeetingNotifications $true. If this switch were enabled on my account, when Anup forwards my invite to James, I wouldn't see the forward notification.

(Note: I haven't checked to see what changes, if any, Exchange 2010 makes to this area. More info once I've had a chance to do some digging.)

TechEd, day 0: my schedule

Actually, I'm a day late-- I should have posted this last night, but I was too tired! I had an uneventful flight from DTW-LAX on a crowded but bearable NW A320, then a remarkably expensive yet reasonably safe taxi ride to the Sheraton Los Angeles downtown.

I'm in Los Angeles for TechEd 2009, where I'm presenting and working in the Exchange booth. Today I've got a couple of phone meetings with my 3Sharp posse, then a session in the "Anywhere Access" section of the Exchange booth from 1115 to 1445. Following that, I plan to attend a set of MVP deep-dive sessions that the product group is putting on, then I'll be able to take a short break before having dinner with some folks from the Exchange product team.

Tomorrow things heat up: I have booth duty (this time in the "Protection and Compliance" area) from 0930 to 1230, followed by a session (UNC01-INT) from 1445-1600 in the Interactive Theater "Yellow 1" area on Microsoft's Exchange Online offering. I plan to do a bunch of demos there, so if you're interested in how Exchange Online works, stop by!

Wednesday I have booth duty again (0930-1230 in "Deployment and Management"), after which I'm doing a session (UNC304) on OCS 2007 R2 deployment and management. That should be fun, but I'll be watching the clock (and trying hard to finish on time, something I rarely do) in order to make my flight home.

If you're in the area, feel free to stop by and say hello!

As I said in a recent webcast, if you depend on employees to implement whatever your e-discovery and retention policies are, you don't have a policy; you have a set of suggestions. It looks like Judge David Nuffer of the US Federal District Court for Utah agrees. In the case at hand, the plaintiff, Dr Philip Adams, was suing ASUS for patent infringement. ASUS failed to produce a number of records that Adams alleged should have been produced. Upon investigation, it turned out that ASUS largely left compliance with discovery policies up to individual employees, some of whom didn't do a very good job of actually following those policies. Individual employees were responsible for deciding what information to keep, then storing it locally on their computers-- but they were also responsible for preserving information when they got new computers (which, given that ASUS makes computers, probably happened more often than it does for most of us!) Here's part of what the judge said:

The culpability in this case appears at this time to be founded in ASUS' questionable information management practices. A court--and more importantly, a litigant--is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties. While a party may design its information management practices to suit its business purposes, one of those business purposes must be accountability to third parties.

In plain English, that means that it's not OK to assume that your employees will always do the correct thing to safeguard critical business information. This decision is great news for archiving vendors, of course, but it should also be a warning to those who depend solely on employee actions (even when combined with messaging records management) to protect their interests. Two simple takeaways:

  • If you don't have a records management / discovery policy, you'd better get one because letting individuals make up policy on their own is now proven to fail.
  • If you already have a policy, you'd better have an automated means of implementing and enforcing it.

There's a whole lot to talk about from an information protection standpoint in Exchange 2010. The two biggest features I want to talk about are transport protection encryption (TPE) and protected voice mail. Oddly enough, these two are related even though they may not seem to be.

Transport protection encryption is what Microsoft calls the new integration between Active Directory Rights Management Services (AD RMS) and Exchange transport rules. Simply put, you can define transport rules that automatically apply AD RMS templates to messages in transit. You can use the same predicates and conditions available to transport rules in Exchange 2007. However, there are now actions that let you automatically apply a selected RMS template to messages that match the conditions and exceptions in your rules. For example, you could automatically apply a "company confidential" template to any messages sent to your outside law firm-- not a bad idea given the ease of accidentally sending messages where they don't belong.

Outlook Protection Rules is a new client-side feature (implemented via an add-in for Outlook 2010). The add-in allows you to apply a transport rule-like mechanism to get client-side protection. For example, you can push an Outlook protection rule that automatically applies a certain AD RMS template to a message before it's sent. The user may or may not be able to override the rule, depending on whether you made it mandatory or not. When you use these rules, the message is protected at the desktop so that administrators can't read it. This is useful protection for scenarios where a third-party hosted service (like, oh, this one) might otherwise be able to gain access to sensitive items.
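
The two rule types described above, side by side, as an added Exchange Management Shell example (not code from the original post or from Microsoft). The rule names, the `lawfirm.example` domain, the `Company Confidential` template name, and the `Legal` department value are all assumptions; substitute the template names that `Get-RMSTemplate` returns in your own organization.

```powershell
# Added example; run in the Exchange 2010 Management Shell.
# Assumed values (not from the original post): both rule names,
# lawfirm.example, the "Company Confidential" template, the "Legal" department.

$templateName  = 'Company Confidential'   # assumed AD RMS template name
$lawFirmDomain = 'lawfirm.example'        # placeholder recipient domain

# 1. Make sure Exchange can see the AD RMS template before any rule uses it.
#    A rule that names a missing template cannot protect anything.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) {
    throw "AD RMS template '$templateName' not found; check Get-RMSTemplate output."
}

# 2. Transport protection rule: applied on the hub transport server to any
#    message with a recipient address containing the law firm's domain.
#    The message is protected in transit, after it has left the client.
New-TransportRule -Name 'Protect mail to outside counsel' `
    -AnyOfRecipientAddressContainsWords $lawFirmDomain `
    -ApplyRightsProtectionTemplate $templateName

# 3. Outlook protection rule: pushed to Outlook 2010 and applied before the
#    message is sent, so it is already protected when it reaches the server.
#    -UserCanOverride $false makes the rule mandatory for the sender.
New-OutlookProtectionRule -Name 'Protect Legal department mail at the desktop' `
    -FromDepartment 'Legal' `
    -SentToScope All `
    -ApplyRightsProtectionTemplate $templateName `
    -UserCanOverride $false

# 4. Review what is now in force. A disabled rule, or an Outlook protection
#    rule that users can override, is worth a second look.
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
Get-OutlookProtectionRule | Format-Table Name, Enabled, UserCanOverride -AutoSize
```

The transport rule covers every client because it runs on the server; the Outlook protection rule only takes effect for senders using Outlook 2010 with the add-in, so the two are complementary rather than interchangeable.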

In Exchange 2010, the transport and journaling components can read IRM-protected messages. This means that these messages can be journaled, indexed, filtered, and so on, and that transport agents can apply signatures, disclaimers, and message hygiene policies.

Another thing that's very, very cool: AD RMS is supported in OWA 2010 and on non-Windows Mobile devices. This builds on the AD RMS prelicensing agent shipped with Exchange 2007 SP1, which will proactively request a license for protected content before delivering the message containing that content to your mailbox. The client access server (CAS) will request the license and, on the fly, render the message for the client's display.

Now, I promised to mention protected voice mail. Many legacy voice mail systems let you mark messages as private, but Exchange 2007 didn't include this feature. Exchange 2010 does, though. It's implemented using AD RMS; when a caller marks a message as private, the UM server applies a do-not-forward template to the message before it's submitted to the hub transport server. (Often-asked question: can you use other RMS templates instead of do-not-forward? No, you can't.)

Moderation is another awfully interesting feature, but I'll have to write about it later-- my dinner, a bag of tasty microwave popcorn, is done!

Yay! I survived the first week of my training in Monterey! A few random observations:

  • Training people 1:1 for 10-12 hours a day is quite demanding. I have to give my students a break every hour or so, not because they need it but because I need it. The energy and enthusiasm of the sailors I'm working with is definitely motivating, though.
  • Exchange 2003 looks really old after a year of working with Exchange 2010. It's a little scary, in fact, how old some of the hardware and software that the Navy has to use is; some of the shipboard routers our sailors depend on are so old that the manufacturer doesn't support them any longer.
  • Our lunch and dinner meals are catered by the local Whole Foods. Those folks can definitely cook, but it's not as good as Arlene's home cooking. Thankfully they're not providing desserts, or I'd probably blow up.
  • I had forgotten what apartment life was like. Arlene and I lived in an apartment the first year and a half of our marriage, but that was a long time ago! The apartment I'm in has noisy upstairs neighbors, plus a cat infestation that results in nightly catfights somewhere not far outside my bedroom window. On the other hand, it's nice to not be in a hotel; I have a real kitchen.
  • In Monterey, apparently caffeine-free diet Coke is illegal, because I sure can't find it anywhere.
  • The Monterey Bay Aquarium really is as good as you've heard. However, it wasn't much fun going there without the kids. It's just not the same without my family around!

Today I spent some time driving around the city (which didn't take long, hemmed in as it is by Monterey Bay). I toured the aquarium for about two hours (photos here), dropped by the local Goodwill to pick out a couple of new shirts, found a place to do my laundry, and so on. I briefly debated going to see the new X-Men movie but opted instead for some Whole Foods organic microwave popcorn and some more of season 2 of The Wire. Tomorrow I'll be attending the Monterey ward, then my old friend Chris Larsen and I are going to get together and do some sightseeing. It should be a nice relaxing day, which is important given that I start teaching again bright and early Monday.

Great MailTips introduction

I had planned to write a long, detailed post on MailTips, but… well, you know the old saying: "you snooze, you lose." I was beaten to it by EJ, who happens to be the MailTips program manager at Microsoft. If you want to get a sense of what MailTips are and how they work, see his post at the Exchange team blog. However, note that MailTips require support in the client (OWA 2010 or Outlook 2010) and on the server. The public beta version of Exchange 2010 has the server support, but not the OWA support, so you won't be able to test them yourself unless and until Microsoft releases a more recent server build to the public.

INTERACT 2009 keynote recap

Moz Hussein, Rajesh Jha, and Gurdeep Singh Pall delivered the INTERACT 2009 keynote. (I was liveblogging it, but couldn't post it until after the event, then I forgot.)

Rajesh: software + services is a "very pragmatic, and I think in some ways, inevitable, part of every organization's array of things to think about." Every org has to decide what's best for it based on constraints, goals, compliance requirements, etc. S+S means "no technology ultimatum" imposed by the vendor: you can move workload between the cloud and premises in whatever mix makes sense for you. "We think about 40% of organizations don't offer e-mail or advanced communication services to their employees"-- target for Deskless Worker Services. Experiences from running Exchange 2010 dogfood for Exchange Labs has provided great feedback, including accelerated innovation and stability.

Gurdeep: what's OCS doing around services? "First and foremost, we're letting Exchange go in and figure out our problems!" (this got a big laugh.) IM and presence being offered starting 15 April for Office Communications Online standard edition customers.

Rajesh: Consumer technologies aren't manageable, but consumerization of IT is real-- it's happening. Every university, college, high school student is used to gigabyte mailboxes. Technology that works for the older generation may not be what you need to attract and retain the newer generation.

Gurdeep: "I'll never forgive marketing folks for changing the INTERACT format." (chuckles) Lots of change and transformation in the voice market, all going on with the backdrop of "the biggest economic event we'll see in our lifetimes." It's both concerning and a great opportunity.

Moz: what does the economy mean for IT pros?

Gurdeep: a lot of things are out of our control. People deal with that in different ways. Within Microsoft, we discussed how to deal with this. Researched the Great Depression, including figuring out how many of the Fortune 100 survived and/or grew. Common thread: innovation and transformation (e.g. Sears transformed from exclusive mail-order to rural customers to a mix of mail-order and retail). Things to do: manage costs "like you've never done before", but be careful not to eat away muscle-- during a rebound, that's when you'll fail. #1 step typically is changing how you do things.

Moz: what does "unified" really mean?

Gurdeep: NYC is an amazing city. Latest discovery: you can buy great, amazing brand-name bags right on the street for real cheap! (laughs) What's interesting: those were cheap imitations. Problem in this industry: we have expensive imitations in the UC space. After intro of UC technology, benefits have driven wide adoption of "unified" as a moniker, but lots of so-called UC systems are the results of acquisitions-- multiple user experiences, multiple back-ends, complicated provisioning. Important for buyers to be savvy about what's unified and what isn't. Don't be fooled by checkbox comparisons. How many distinct user experiences are users going to be subjected to? Video conferencing systems are semi-widespread, but why aren't they used more? They're too hard to use! MS focus on single directory, single set of components, single management experience provides a true unified experience. How did a billion people get on the Internet? Self-driven-- you couldn't intentionally train a billion people to do anything if you wanted to.

Moz: how are Exchange and OCS getting closer together?

Gurdeep: we're already tied together in many ways: directory, common contacts, etc. "If you have Exchange 2007 deployed, then adding OCS 2007 R2 is much easier now than it has been in the past." Still some areas of mismatch (like PowerShell; PowerShell support coming to OCS in the next release). As we move forward, we're looking at other integration points, but "you cannot push this too far"-- handling for different content types like voice and e-mail is fundamentally different.

Rajesh: my favorite OCS feature is that they're going to be adding PowerShell, "giving everyone a unified way to manage. That's a great example where we're working towards giving you more common tools across workloads."

Gurdeep: my favorite Exchange feature: 70% IOPS reduction from Exchange 2003 to Exchange 2007, then a further 50% reduction from 2007 to Exchange 2010.

Moz: how should people be approaching the architecture for UC?

Gurdeep: I have all these disparate systems for conferencing, video, etc. I made disparate decisions to buy them because they're separate silos. Microsoft's UC vision unifies all these things, but you can't just throw away what you already have. First priority: develop an overall UC architecture vision to get a "magnetic north". If you're ready to re-sign your expensive contract for audioconferencing service, having an architecture helps you consider rolling out OCS for that-- and once the infrastructure is in place, you can easily and quickly add new capabilities. IM and presence are core features that are easy to get up and running. For many of your users, ask the question: is that desk phone still necessary? Would you rather buy a $300 netbook or a $300 IP phone? Lifetime costs for phones are baked into the system-- you have to discover and eliminate them. Simple rule: if you can get down to 1 of anything, likely you'll be paying less for it. PBX industry is a lot like the mainframe industry: vertically integrated, single source. Once they sold you the mainframe, they had you! "Don't buy the mainframe!" The decisions you make now will lock you in for the next 5-6 years. Don't get locked in, and be savvy about the cost and changes that are there.

Moz: as you think about the role of the IT pro, what's the to-do list for prospering in the current situation?

Rajesh: Very important to have a vision of where you want to go. Economic environment imposes constraints. Resource constraints can be a huge clarifying factor: we force ourselves to impose constraints and use them to make progress on longer-term plans. Admins lead by understanding their organizational goals and technologies, then driving changes.

Gurdeep: no one ever calls telecom managers to ask them to help move solutions forward-- they call to yell that phones are down. Change in roles: have to figure out how to get ahead and move the business forward. Many examples: if the economic situation stays like this, companies will have to ask whether it makes sense to have expensive real estate.

Moz: we're announcing Exchange 14 tomorrow. What 3 things do you most want to talk about?

Rajesh: Let me do 4! Super-excited about Exchange 2010. Available in public beta on 15 April. First key investment: important for us to keep the end user in mind. What we do to make them productive translates into cost savings. $650 billion/yr lost to e-mail interruptions (based on Basex): 25% of IW workday is responding to e-mail. We give you access from broad range of mobile phones and browsers, but we also provide tools to manage information overload. MailTips, voice mail preview, "ignore conversation". Archiving and compliance improvements.

Gurdeep: having IM contacts built into OWA is a very cool feature too.

Q&A

What are some of the developer opportunities for this combined platform?

Gurdeep: taking a software-centric approach opens up a lot of opportunities. Developer opportunity really isn't there on traditional PBX systems. Single biggest opportunity for transformation isn't replacing voice with OCS-- it's to allow you to think across all the software in your enterprise with communications-enabled business processes (CEBP). A word of caution: enterprise developers speak a different language! Example: "MSExpense is a tool that we use so that when you spend money we cause you pain." We're working with the internal app developers to IM and presence-enable MSExpense so the app can use presence status to alert people and make routing decisions.

Rajesh: Mac Business Unit moving to Exchange Web Services for Entourage. We're also trying to get RIM to move their services over to EWS instead of MAPI.

How is Microsoft using software + services?

Rajesh: We're moving some of our internal users over to the services platform. We're using the high availability and DAS work that we've been doing for customers internally as a proving ground.

What are some of the biggest blockers to software + services?

Gurdeep: go back to 1997-- knowing what you know now, would you buy a mainframe? There are industries where software as an application can become a blocker.

Rajesh: if you have a good sense of where you want to be a few years out, that helps inform what you should do now.

Exchange 2010 database naming

The fact that Exchange 2010 includes database availability groups has some implications that you may not have thought of. Most of them, I hadn't thought of either, which is why it's great that there are smart people like Ross Smith IV (the original; accept no substitutes). Ross sent some suggested practices for Exchange 2010 database naming to TAP admins, and I wanted to share them.

Here's the deal: in Exchange 2007 and earlier, mailbox and public folder databases are children of server objects. That means that you can uniquely identify a database by a combination of its name (which may not be unique throughout the forest) and its server name (which is guaranteed by AD to be unique). In Exchange 2010, the database is no longer "owned" by a particular server. Instead, it's a member of a DAG, and it may actually become active on any server in the DAG at any time. That means that your database names shouldn't include the name of the server. DAGs can span AD sites, too, so guess what: don't use the AD site name (or the name of the physical datacenter) either. Otherwise the name of the database may not correspond in any way to where the database is actually active.

Finally, consider carefully whether you want to include the name of the organization or company. This has nothing to do with DAGs per se, but rather with the overhead of updating database names after a merger, acquisition, or rebranding. Unless, of course, you work for Contoso, in which case you should be OK.
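
The naming guidance above can be checked mechanically. The following is an added example, not code from Ross's guidance or from the original post: a hypothetical `Test-DatabaseName` function that flags database names containing a server name, an AD site name, or an organization name. All sample names in it are constructed.

```powershell
# Added example (not from the original post): audit mailbox database names
# against the guidance above. Test-DatabaseName is a hypothetical helper.
# Written for PowerShell 2.0, which is what Exchange 2010 ships with.

function Test-DatabaseName {
    param(
        [Parameter(Mandatory = $true)][string[]]$DatabaseName,
        [string[]]$ServerName = @(),   # names of servers that can host a copy
        [string[]]$SiteName   = @(),   # AD site or datacenter names
        [string[]]$OrgName    = @()    # company or organization names
    )

    # Build one list of forbidden tokens, each tagged with why it is a problem.
    $tokens = @()
    foreach ($s in $ServerName) {
        $tokens += New-Object PSObject -Property @{ Token = $s; Reason = 'server name' }
    }
    foreach ($s in $SiteName) {
        $tokens += New-Object PSObject -Property @{ Token = $s; Reason = 'AD site or datacenter name' }
    }
    foreach ($s in $OrgName) {
        $tokens += New-Object PSObject -Property @{ Token = $s; Reason = 'organization name' }
    }

    foreach ($db in $DatabaseName) {
        foreach ($t in $tokens) {
            if ([string]::IsNullOrEmpty($t.Token)) { continue }

            # Case-insensitive substring match. Very short tokens (e.g. "EX")
            # can produce false positives, so review the hits by hand.
            if ($db.IndexOf($t.Token, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                New-Object PSObject -Property @{
                    Database = $db
                    Token    = $t.Token
                    Reason   = $t.Reason
                }
            }
        }
    }
}

# Constructed sample data, so the script runs without an Exchange server.
$databases = 'MDB01', 'EXMBX01-DB2', 'Redmond-MDB3', 'Contoso-Exec'
$servers   = 'EXMBX01', 'EXMBX02'
$sites     = 'Redmond', 'Toledo'
$orgs      = 'Contoso'

# In the Exchange Management Shell the inputs could instead be collected with
# the real cmdlets, for example:
#   $databases = Get-MailboxDatabase | ForEach-Object { $_.Name }
#   $servers   = Get-ExchangeServer  | ForEach-Object { $_.Name }
#   $sites     = Get-AdSite          | ForEach-Object { $_.Name }

Test-DatabaseName -DatabaseName $databases -ServerName $servers `
                  -SiteName $sites -OrgName $orgs |
    Sort-Object Database |
    Format-Table Database, Reason, Token -AutoSize
```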

Following up on my post from the other day where I linked to Scott's step-by-step install instructions: my homeboys at Gold Systems have posted a step-by-step install guide covering installing the Exchange UM role in Exchange 2010. The big difference from a regular install is that you need the Windows Server 2008 Desktop Experience feature, because it includes the necessary audio codecs.

I got some great feedback via e-mail from my previous post about the value of Microsoft's MCM training. Shortly after I posted, Devin wrote a long and detailed post on the actual economics of getting an MCM: what it costs vs what you can potentially earn. In conjunction with his argument, I wanted to point out that the OCS MCM class is now on sale for its next two rotations: R2 (April 27-May 16) has a 50% "public beta" discount, and R3 (June 8-27) has a 30% discount. If only I had time to go!

Exchange 2010: Availability

Scott Schnoll and his posse delivered a great session on availability technology in Exchange 2010 at INTERACT yesterday. We've been using this technology for a while now at 3Sharp, and it really is very, very cool.

So, the really big availability news in Exchange 2010 is the introduction of a new construct, the database availability group (DAG). The DAG is a collection of up to 16 servers, each of which can contain a replica of a mailbox database. For example, I could put MDB1, MDB2, and MDB3 on server1, MDB2 and MDB4 on server2, MDB1 and MDB3 on server3, and so on.

Mailbox databases are now the target object for failover-- instead of having an entire mailbox server failover using Windows clustering, the mailbox database itself fails over to another server within the same DAG. For example, MDB1 can move from server1 to server3, either automatically or manually.

Essentially, this is a mechanism for replicating mailbox databases between servers, something that the Exchange admin community has been asking for for years! Some highlights:

  • Log shipping no longer uses SMB; instead it uses the ESE streaming API for seeding [ed: hat tip Scott Schnoll for the correction], which is considerably more efficient, and raw TCP sockets for replication. In Exchange 2007, there was one SMB session for all databases on a server. In Exchange 2010, there's one TCP socket per database, so scalability and parallelization are greatly improved.
  • This provides HA for systems that are built on top of DAS; in fact, it's optimized for DAS. You can use dedicated storage per node; replication means that you can use JBODs without even using RAID.
  • DAGs can span AD sites, subnets, and so on (although all servers in the DAG must be in the same AD domain). You can control and throttle DAG replication at the network level or using the DAG controls for log lag.
  • The setup experience is completely different than SCC. To enable a DAG, you create a DAG and then add database replicas to it. You don't have to manually create any of the failover mechanisms, install any Windows prerequisites, or any of the stuff you'd have to do with single-copy clusters (SCC).

The advent of the DAG means that some legacy features are disappearing. First, there are no storage groups in Exchange 2010-- each database has its own associated set of logs. Second, SCC is dead (i.e., no longer supported). Personally, I won't miss it.

Interesting question posed by Josh Maher: do you still need backups? We debated this hotly at the MVP Summit. Microsoft's position is that some organizations may choose to do fewer backups once they deploy DAGs because their databases are already distributed across multiple servers in multiple sites. Of course, this distribution doesn't protect you against logical errors in the database, which to me weakens the argument that you don't need backups. Microsoft itself doesn't do backups internally any longer. They don't have business requirements to recover long-term archived mail.

Public folders: no changes, except that you can no longer use continuous replication for public folders. You can put a PF database on a server that's in a DAG, but you can't put the PF database itself into the DAG. Because Exchange 2007 limited you to having a single PF database per CCR-protected storage group, this isn't actually a loss.

More to come on this topic-- heaven knows there will be a lot of interesting stuff to explore as people start experimenting with DAGs in their lab. As for us, we're about to expand our Redmond DAG by adding a server in Toledo to give us site resiliency too-- should be fun!

UPDATE 15 Apr 1405 PDT: Ewan Dalton has more on the new features here.

It's been killing me not to talk about this, but now I can! On April 15, Microsoft will officially release a public beta of Exchange 2010 (formerly code-named "Exchange 14"). There are so many improvements in the product that I can't decide which ones to talk about first. I'll be updating this post to link to my own blog posts, as well as to interesting posts from other Exchange folks, so you'll see it update frequently.

Update [2233 PST 14 Apr]: the Exchange 2010 beta bits are now available for download!

Update [0549 PST 15 Apr]: the docs are up as well, and Scott Schnoll has posted a step-by-step install guide.


INTERACT 2009, part 1

Last year, INTERACT was a fantastic physical conference held in San Diego (a hard location to beat!). This year, Microsoft's changed things up. There are separate, and mostly concurrent, events in Reading, UK; Boston; and Redmond, plus an online virtual event. I flew in yesterday and am now in the middle of an Exchange high availability session. There are two parallel tracks: one covering Exchange 14, and one covering OCS 2007 R2 topics. I'm mostly attending the Exchange sessions, but there are some pretty nifty OCS sessions as well.

The weather's been weird since I got here; yesterday as I was driving to the Microsoft campus, I drove into a good-sized hailstorm. The hailstones were small, but there were enough of them to perceptibly whiten the ground. Fortunately it stopped hailing before I had to get out of the car!

I'm preparing a series of blog posts on various topics that I'll post over the next few days. Some of these posts have some really exciting stuff in them that hasn't been publicly disclosed yet, so stay tuned!

Exchange 2010: OWA


Man, it's been killing me not to talk about OWA 2010. Take a look at this screenshot:


Exchange2010-OWA-1.png

First: this shot's taken from Safari 4.0 beta 2 on the Mac. That's right: OWA fully supports Safari on Mac OS X (not Windows) and Firefox on the Mac and Windows, along with IE 7+ on Windows. (I can't remember if Linux Firefox is supported or not; I think so but I might be wrong). Safari and Firefox get the full premium OWA experience, with drag-and-drop, spell checking, notifications, and the rest.

Second: check out the presence jellybean in the upper-right corner. OWA is now integrated with OCS. In this case, the screenshot shows my mailbox hosted on Exchange Labs, which features Windows Live Messenger integration. Notice that my Messenger contact list appears in the lower-left side of the navigation bar, and that next to Arlene's name in the message pane, you can see her presence jellybean. (Take a good look at the context menu on the jellybean, too-- looks a lot like the one in Outlook, doesn't it?)

Microsoft's video showed conversation view very briefly, but this is one of my all-time favorite Exchange features. Here's what it looks like in OWA 2010:


Exchange2010-OWA-2.png

So, for the conversation titled "Introduction", I can see all the messages in the thread, with the first non-deleted message automatically highlighted. The conversation view automatically includes deleted messages, sent items, and messages that I've filed in other folders, so I can get a sense of the conversation's length and spread. The view in the message list (on the left) shows how the thread branches (not much, in this case) and the location of each message; the conversation view itself on the right shows the active message, along with controls to expand other messages. Of course, I can select, move, and delete messages either individually or as an entire conversation.

Now, some of you may be scoffing right now, saying "wait a minute-- gmail has had conversation views for a long time." That's true. OWA's view is richer; it displays more visual information and is easier to navigate than gmail's current implementation. Take a look at these two screenshots to see what I'm talking about. The first shows a conversation originally imported from gmail as it appears in OWA 2010; the second shows it in gmail.


Exchange2010-OWA-5.png Exchange2010-OWA-4.png

Speaking of gmail, OWA 2010 can aggregate and display in your inbox mail from multiple services, too. Check out what one of the Exchange Labs options pages looks like:

Exchange2010-OWA-3.png

There are quite a few things to look at here. First, notice the account information pane, which allows users to set their own address, phone numbers, and so on. As an Exchange admin, I can control whether users may do so or not, but letting them do so has some obvious cost and time savings benefits for the IT staff. Second, apropos of self-service, check out the "Shortcuts" area on the right side of the screen: users can quickly get access to do a number of things directly from within OWA, like setting up Direct Push or creating server-side rules. Finally, notice the "Other Accounts" section; I've set up a link with my gmail account so that mail sent to my gmail address shows up in my Exchange Labs inbox. (OWA 2010 also lets you select the address from which mail is sent, much as Entourage does on the Mac, so I can send messages that appear to be from my domain or from gmail).

I could go on with features. For example, the message list isn't paged any longer-- it scrolls from beginning to end, just like Entourage or Outlook, seamlessly loading messages when necessary. There are tons of other little grace notes like this, but you'll have to wait for RTM to see some of them!

The media's been flooded with news about various kinds of job training, including Microsoft's Elevate America program and various state programs targeted at autoworkers, manufacturing workers, and so on. This makes sense, given that the economic mess we're currently in means that there's a lot of turmoil and uncertainty about jobs at all levels. Getting better training almost always makes sense, especially if that training helps increase your market value.

Greg Taylor, who runs the Microsoft Certified Master for Exchange program, just e-mailed me to say that he only has 2 open slots in the next MCM | Exchange course, starting May 4. We've had a lively debate about whether the MCM certification is actually valuable, in the sense that it's worth what it costs. After seeing the back-and-forth between people like Tony Redmond (who owns H-P's Microsoft consulting business), Gary Cooper, and Devin, the answer is clear: yes.

How is that possible? Simple. First, you get training that's literally not available anywhere else. A couple of weeks ago, I was there when Tim McMichael was teaching CCR and SCR. In the back of the room were Scott Schnoll and Ross Smith IV. It would be difficult to conceive of a better group to teach the real-world intricacies of how CCR and SCR can be deployed.

More importantly, when H-P (or IBM, or Dell, or other large shops) go in to a customer, the customer already knows them. They're not facing the problem of trying to convince a customer that a smaller, lesser-known shop can do a great job-- and can justify its bill rates. On the other hand, for smaller consultancies, MCM | Exchange is a terrific way to immediately lock the competence flag to 1. As Microsoft continues to evangelize the program, this effect will grow. That's why I'd jump into this rotation if I could... but I can't. However, you, dear reader, can. It's true that the training is about $13,000 (plus your living expenses). However, I believe strongly that for independents and smaller shops, you can absolutely recoup this value, and more. Check out the page, and if you're interested in signing up, ping me directly and I'll put you in touch with Greg.

Missy has been pretty busy lately. Apart from working incredibly hard on some very cool Exchange 14-related stuff, she recently completed two white papers. The first one examines the interplay between continuous cluster replication (CCR) and direct attached storage, in an attempt to answer the question of whether you have to use SANs for efficient and safe CCR deployment. The second examines the pros and cons of CCR versus single copy cluster (SCC) deployment. Both of them are worth reading if you're interested in using CCR with Exchange.

Moving to Seattle


I can't believe I've forgotten to blog about this, but apparently I did: we're moving to Seattle.

When: it depends on when our house sells. It's on the market now. We've had a few showings, with good feedback thus far. In fact, as I was writing this, we got notice of another showing tomorrow, and we have an open house on Sunday. Houses are selling better in Perrysburg and Sylvania than in the overall metro Toledo area, so we'll have to see what happens. We might get a buyer tomorrow, or it might be in 2010. This uncertainty would normally be driving me CRAZY but it hasn't been too bad (see below to find out why).

How: we don't know yet. Ideally the house here would sell before the kids start school in the Seattle area (so, before about 1 September); that way we could move without the disruption inherent in a mid-year move. We'll probably do the U-Pack thing again, at least for most of our furniture, then hire a real mover for anything fragile or valuable. That's probably the best balance between cost, hassle, and breakage. As of right now we're planning to drive cross-country to actually get there, but we'll have to see what the weather's like when we get ready to go. Matt and I want to hit the C.M. Russell museum's bison exhibit on the way if at all possible, and according to Tim and Julie there are lots of other cool things to do en route.  

Why: this is a simple question, but with a complicated answer. We moved here in 2002 to be closer to my parents after my dad had an unexpected blood clot that hospitalized him; Tim being here was an unexpected bonus. We quickly grew to love Perrysburg. People here have a great sense of community, our local church ward is full of wonderful people, the schools are excellent, and it's a vibrant place with excellent services.

Over the last 18 months or so, though, I've gradually developed the realization that it would be best for 3Sharp if I were in Redmond more often, even permanently. After Dad's accident, Mom decided to move down to Louisiana, and with Tim gone too, much of the initial reason to live here was gone. Arlene and I started talking about the possibility of moving several months ago, but neither of us took it seriously-- we agreed to put off a serious exploration until after New Year's Day. So, we did, and all was well.

I thought about moving, and made some desultory (and, frankly, rather lazy) attempts to pray for guidance, but to no avail. Shortly after the first of the year, we had a Sunday School lesson that covered Doctrine and Covenants section 9. I was already generally familiar with the principle: the Lord expects us to do the legwork, examine alternatives and options, and make decisions using the brains He gave us. We can always seek confirmation of our decision, but that's not the same as asking Him to tell you what to do. That was the missing ingredient.

So, I went back and started really thinking about it seriously. What were the pros? (Where to begin? Much less travel for me; great opportunities for growth for the whole family; proximity to the temple; beautiful scenery; new things to explore; a really diverse environment for the boys; a whole new part of the country to explore; more gluten-free foods...) What were the cons? (Housing costs, obviously, plus the upheaval of dragging everyone across the country, particularly for Arlene.) On balance, I decided that the pros outweighed the cons, so I told Arlene what I'd been thinking about. She too had been giving the idea a more serious look. Once we started praying about it, it became clear that moving was the right thing for our family to do-- but that it would happen when it happened, not necessarily on our schedule.

Where: somewhere on the east side of the metro area. Our office is in Redmond, so I'd like to be reasonably close to it. There are some great bargains in Snoqualmie and other nearby areas, but I don't know if I'm ready to take on a 30+ minute commute each way after nearly 11 years of commuting from the breakfast room to my office down the hall. I'll be in the office some days and working from home some days, so that will help make the transition easier. We've been making heavy use of Redfin to look for houses: partly because it's effective, and partly because it's fun to window-shop.

More news when there is news-- now I have to go clean up my office before the showing tomorrow.

I've been collecting bits and pieces of information that were too short to make meaningful posts on their own-- now I've mashed them together to make a semi-meaningful post.

First, OCS/LCS guru Joe Schurman has a new book out: Microsoft Voice and Unified Communications. As soon as I got Dustin Hannifin's mail announcing it, I ordered it.

Second, I found that Microsoft has an extensive listing of products that have been certified as supported with OCS 2007 R2 under the Unified Communications Open Interoperability Program. There's a lot of interesting stuff there (including the fact that I'm a revision behind on my 3300 firmware).

Third, OCS and Speech Server MVP Marshall Harrison launched a new site, GotUC.net. It's a portal dedicated to the OCS development community. It's still fairly new, so there isn't much there, but I expect that to change over time-- drop by and say hi.

I also need to write a summary of my MVP Summit experiences, but that will have to wait until later.

Brent Ozar posted an interesting piece on the value of the MCM credential. He argues that the value in being an MCM comes primarily to people who already have the ability to act as a force multiplier, making the people around them more effective. That's one of the reasons that I'm happy that Devin's earned his MCM; he has great potential to use what he's learned to provide a field effect that will really help our customers.

I'm going to be teaching the Exchange UM portion of the MCM Exchange class, starting either in March or May. I've decided to hold off on going through the whole program until we've finished our move to Seattle; it'll be much easier without the added hassle of being away from home. I'm tempted to skip the Exchange 2007 MCM and wait for the Exchange 14 version (which, of course, is a ways off), and instead go for the MCM OCS certification. Jens' description is very tantalizing.

BTW, the MCM team has a great blog. If you're at all interested in the MCM program, you should check it out.

Long-time Outlook MVP Sue Mosher (who is a really interesting person besides!) wrote Microsoft Outlook 2007 Programming: Jumpstart for Power Users and Administrators a year or two ago, and Microsoft just put three chapters online from it. If you're doing Outlook development at all, this will probably be a valuable read. Sue points out that the chapter on working with item bodies has a lot of information that she's never seen published anywhere else.

At the MVP Summit


I'm excited to be at this year's MVP Summit. (In fact, I'm in an Exchange 14-themed session right now). The summit team has their own blog, and lots of other MVPs are blogging about it. I have a huge backlog of blog entries to write, but I won't be blogging much about the specific sessions because they're under NDA. Too bad, because there are some E14 features that totally rock my socks off.

Apparently IBM has decided that the best way to get mobile e-mail out of Notes/Domino is to license their primary competitor's protocol! Network World ran a story today ("Lotus Notes/iPhone users to get their wish: real-time e-mail access") claiming that IBM will include Exchange ActiveSync (EAS) support in a future release of Lotus Notes Traveler, IBM's existing mobility solution. (Ed Brill mentioned it this morning, when I was revising this draft, too.)

This is fascinating for several reasons. First, it further solidifies EAS' position as the dominant mobile sync protocol for e-mail, calendar, and contact data. When your biggest competitors (like Apple and Nokia in mobile devices and now IBM in collaboration software) come hat in hand to license your stuff, that's a good sign. The original decision to license EAS to outside parties some years ago looks better and better-- especially in light of the EU's continued and bizarre insistence that Microsoft isn't documenting and opening its protocols enough.

Second, this move implies some things about the state of the relationship between IBM (or at least the Lotus division) and Apple. IBM certainly has enough skilled developers to build their own equivalent of EAS, and to get it to run comfortably on the iPhone. Apparently, though, they don't have the market leverage to get Apple to ship that protocol as a peer of EAS, or to allow IBM to evade the SDK restrictions on backgrounding. Of course, Apple only added EAS support in the first place to give them another attack (a submission, if you will, to borrow a little BJJ lingo) against RIM and WM. Apple apparently doesn't feel the need to have a similar move up their sleeve for those shops running Notes.

Third, follow the money. I couldn't find any evidence of an IBM-Microsoft cross-license for patents (which makes perfect sense given the companies' respective stances on Linux). IBM doesn't break out many separate numbers for sales of individual products, but given what I know about EAS licensing I expect that they'll have to pay Microsoft a per-unit fee for the server software that implements EAS on the Domino side. That in turn gives Microsoft some interesting data they didn't have before: how many licenses of Traveler IBM is selling. Oh, and cash money, too.

Fourth, can you imagine the field day Microsoft's sales and marketing team is going to have with this? This is like one of those "write your own caption" contests.

Fifth, this represents a win for Windows Mobile too. Now they too can work seamlessly with Domino installations with no additional client software.

Meta-thought: IBM must have really wanted to get Notes on the iPhone. Why? It's hard to imagine that it's because of the huge overlap between Notes users and iPhone users, because I don't believe such an overlap exists. Could this be an attempt by IBM to cash in on some of the halo generated by the iPhone? Does the iPhone coattail effect make up for having to license a protocol from the hated Redmondites? I guess we'll have to wait and see...

Update: IBM's actual press release is here. I like the phrase in the intro paragraph: "…intended support for Microsoft Active Sync". I wonder what "intended" means in this context?

A couple of weeks ago, I mentioned that Microsoft had announced their plans to release an Exchange Web Services-based version of Entourage 2008. Well, they've gone and done it: this Mactopia page has the link you need to sign in to Microsoft Connect and get the beta bits. Just to reiterate: you won't see any major changes in the user interface, because there aren't any. Consider this release to be the UI of Entourage 2008 with a completely different (and much improved!) mechanism for talking to Exchange under the hood.

Nice one! Microsoft announced the existence of Exchange 14 (the successor to Exchange 2007) today. With Lotusphere on the horizon, I'm sure it's just a coincidence. My home domain is hosted on Exchange 14 through Exchange Labs, and I've been working with it quite a bit for a number of projects. There are some very exciting things in it, and I'm looking forward to being able to talk about it more.

Wow. Rob Sealock, a technical account manager at Microsoft, posted an incredibly detailed list of Exchange fixes and updates for the month of December. I sure hope he keeps these posts up.

First, VMware released a very interesting white paper covering their Exchange 2007 migration, which just so happened to include a lot of virtualization. They got a significant consolidation ratio in moving from Exchange 2003 to Exchange 2007, and they further improved it by packing 4 VMs onto each physical server. They're using CCR in combination with VMware's HA, DRS, and VMotion features. Perhaps the most interesting tidbit IMHO is that they're using virtual tape drives to back up to virtual tapes using the ESE streaming APIs!
Second, the beta of Hyper-V Server 2008 R2 is available. There's a lot of very tasty goodness there, including failover clustering, live migration, and 32-core support. Mmm, mmm, good!

Great news from Microsoft's Mac Business Unit: they'll be releasing a version of Entourage that uses Exchange Web Services. This is great news because WebDAV, the protocol that previous versions of Entourage have used, doesn't provide full support for every type of Exchange data item. The Exchange Web Services (EWS) version of Entourage will support full synchronization of tasks, notes, and categories with servers running Exchange Server 2007 SP1 or later. This should please some of the folks who have been lamenting the lack of Exchange sync functionality in Entourage. The best part: they'll release this as a free update to Entourage later this year.

StackSafe just sent me a request; they're doing a survey of Exchange administrators (hosted by SurveyMonkey). The first 50 respondents get a Starbucks gift card, and they'll draw someone at random to win an iPod Touch. It's not a sales survey, and they've promised not to spam anyone. They've also promised to make the survey data available to me, and I'll post it here once I get it. Take the survey here if you're interested.

Say you've fired someone, or laid them off, or sadly waved goodbye as they left of their own volition. How can you effectively prevent them from accessing your Exchange servers once they're gone?

Most connections to an Exchange server are persistent, in the sense that once the client's authenticated, the connection will remain open. This allows the client to continue to send and receive mail… the exact opposite of what you want. You might think that disabling the Active Directory account for the user would do the trick, and it will indeed prevent other logons from succeeding. However, for about two hours, existing logons will continue to work. Here's what to do instead:

  1. Disable the user's mailbox. This prevents new logons to the mailbox.
  2. Set the Send Prohibit quota to 0. This prevents the user from sending new mail; the quota change takes effect immediately.
  3. Move the user's mailbox to another database. This will immediately disconnect all open mailbox connections from any client.

Voilà! Problem solved. (Hat tip: Scott Schnoll)
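The three steps above as one Exchange 2007 Management Shell function, followed by a check that no sessions remain. This is an added example, not code from the original post: the function name and parameters are hypothetical, and it reads step 1 as turning off client protocol access with Set-CASMailbox (an assumption; the post does not name a cmdlet).

```powershell
# Added example. Hypothetical function; run in the Exchange Management Shell.
function Revoke-DepartedUserMailboxAccess {
    param(
        [string] $Identity       = $(throw 'Identity is required'),        # departing user's mailbox
        [string] $TargetDatabase = $(throw 'TargetDatabase is required'),  # any other mailbox database
        [switch] $WhatIf                                                    # preview without changing anything
    )

    # Fail early if the mailbox cannot be resolved.
    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Step 1 (assumed mapping): refuse new client logons on every protocol.
    Set-CASMailbox -Identity $mbx.Identity -OWAEnabled $false -ActiveSyncEnabled $false `
        -MAPIEnabled $false -PopEnabled $false -ImapEnabled $false -WhatIf:$WhatIf

    # Step 2: a send quota of 0 blocks outgoing mail. The per-mailbox value is
    # only honoured once the database defaults are switched off for this mailbox.
    Set-Mailbox -Identity $mbx.Identity -UseDatabaseQuotaDefaults $false `
        -ProhibitSendQuota 0 -WhatIf:$WhatIf

    # Step 3: moving the mailbox drops every session that is already open.
    Move-Mailbox -Identity $mbx.Identity -TargetDatabase $TargetDatabase `
        -Confirm:$false -WhatIf:$WhatIf

    # Verify: read the settings back and count sessions still attached to the mailbox.
    $after    = Get-Mailbox -Identity $Identity
    $cas      = Get-CASMailbox -Identity $Identity
    $sessions = @(Get-LogonStatistics -Identity $Identity -ErrorAction SilentlyContinue)

    $after | Select-Object Name, Database, ProhibitSendQuota,
        @{ Name = 'MAPIEnabled';  Expression = { $cas.MAPIEnabled } },
        @{ Name = 'OWAEnabled';   Expression = { $cas.OWAEnabled } },
        @{ Name = 'OpenSessions'; Expression = { $sessions.Count } }
}

# Constructed sample values; substitute your own mailbox and database.
# Revoke-DepartedUserMailboxAccess -Identity 'jdoe' -TargetDatabase 'EX02\SG2\Holding DB' -WhatIf
```

A non-zero OpenSessions value in the output means a client is still attached and the move should be checked.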

PowerShell 101 event 11 December

I'm going to be doing a three-part "PowerShell 101" webcast for Windows IT Pro on 11 December. It's pretty basic stuff, appropriate for those who are just getting started with PowerShell and the Exchange Management Shell (EMS). However, I will be doing a longer, more in-depth series of webcasts starting in February. For more details, see this link.

This has taken me shamefully long to post, but 3Sharp's own EricaT has just had four white papers on enterprise content management published on Microsoft's web site:

If you're interested in using MOSS for ECM, you should definitely check these out.

Exchange Connections fall 2008

This year, my attendance at Exchange Connections was shorter than usual-- I arrived Tuesday afternoon, presented most of the day on Wednesday, and then had to head up to 3Sharp in Redmond for a day of meetings with customers and our new PR agency, Hardy Communications.

The flight from Detroit to Vegas was uneventful, unless you count the guy two rows behind me who was snoring like a Poulan. I was actually concerned for his health. I didn't see any signs of the Delta takeover; the FAs were as friendly as they ever are on NWA. Unfortunately, just before boarding I discovered that I'd forgotten my headphones and my iPhone sync cable. Sadly, that meant I was forced to work for the entire flight! (Arlene sent the missing gear to me, so I was equipped before my flight to Seattle).

This was a two-laptop trip: I brought both my T61 running Windows Server 2008 and my MacBook Pro. The MBP gave me a solid 3.5 hours of fairly heavy activity. For the few minutes I was using the T61, Windows' battery estimator gave me an estimated life of 2:21. That's not great, but part of the problem is that I've only ever had the big IBM/Lenovo battery, not the smaller conformal one. I'll have to do a more even comparison in the future. (Also: my Win2008 installation won't let me hibernate, which is a big pain in the butt sometimes).

My first session on Exchange Online went well, including some cool demos. The questions I got were pretty good, though there were a few I couldn't answer. (My favorite: will Exchange Online support the BlackBerry? Yeah, when pigs fly!)

PowerShell 101 was, as always, a blast. It's such a fun presentation to give because I enjoy seeing people "get it" as they start to internalize all the stuff they can do with the Exchange Management Shell.

Apart from that, I didn't see or do much. My room at THE Hotel smelled like smoke; I had a good lunch with my Windows IT Pro peeps at Border Grill, and now I'm heading to Seattle.

Update: I forgot to mention that the Society of Exploration Geophysicists was in town for their 78th annual convention. Fun crowd! The geophysicists tended to be well-dressed and very talkative, with lots of hallway groupings, and a surprising number of women.

I'm glad to be able to talk about this finally! AppAssure has just released a free tool called Exchange Observer (registration required for download). This tool will automatically inspect your Exchange topology to find all Exchange 2003-hosted storage groups and databases, then give you a nifty tree view showing the status of each database. This is a simple, low-impact way to monitor all the servers in your org. Give it a try.

This morning I'm supposed to be shooting a short web video for Penton on desktop data management for Exchange. I expected one guy with a camera, but now my office has three people (plus me): a camera operator, the teleprompter operator, and the audio guy. They have more equipment than I can shake a mouse at, so things are pretty snug in my office. The last time I did something like this was when I shot a segment for an episode of Mike Nash's Security 360 series; that was shot by a crew from Microsoft Studios at 3Sharp's old Redmond office. Having all this infrastructure in my house is a bit disconcerting. I've been cleaning my office for the last week in preparation, so hopefully the finished video will reflect my efforts. (Don't laugh; you should have seen it before the cleaning!) Perhaps the funniest part is that my kids now think I'll be famous because I'm going to be on TV. They don't get the whole sponsored-web-video thing yet, I guess.

Two new 3Sharp authors

In all the busy-ness of my day job, I somehow managed not to notice that David Gerhardt and Kevin Martin are writing a book, Building Content Type Solutions in SharePoint 2007. As a dyed-in-the-wool messaging and RTC guy who knows little about SharePoint development, I have no idea what the book is about. However, big ups to David and Kevin on writing the book; I know from experience that it's a long and difficult road. Maybe if I read the book I'll actually learn something!

Right now I'm sitting in a classroom in Redmond, auditing the UM material so I can be qualified to teach it. I had a thought a little while ago: the $18,500 tuition seems awfully steep, but if you amortize it across the 18 training days, that's a hair more than $1000/day. Divide that by the 11- to 12-hour class days, and you come out with an hourly rate of, say, $90. That's cheaper than hiring many kinds of professionals; there's no way you could hire the caliber of instructors available here (say, Ross Smith IV or Tim McMichael) for that little.

Of course, this estimate ignores the cost of travel, and the time you actually have to invest in the class, but it helps to put the seemingly huge expense in perspective.

My friend and fellow MVP Jim McBee just asked what item types OCS uses for creating items that end up in user mailboxes. There are actually several answers:

These are all easy to set from within Exchange Web Services code; just add a <t:ItemClass> block with the type you want to your CreateItemHeader object.

This is neat: Microsoft product manager Jamie Stark is more-or-less-liveblogging the unveiling of OCS 2007 R2 from VoiceCon in Amsterdam.

Microsoft today released rollup 4 for Exchange 2007 Service Pack 1. This is the real RU4, not the broken version that was accidentally released through Microsoft Update on September 9th. Among other things, this rollup fixes some pesky Exchange Web Services bugs.

No Exchange 14 for you

So, Jim has ratted me out: he noticed that I'm scheduled to give an Exchange 14-related session at Exchange Connections in November. In a probably-feeble attempt to avoid the wrath of Microsoft's NDA police, the truth is, I submitted that session proposal nearly six months ago. At that time, I had the expectation that I'd be free to talk about Exchange 14 by November. However, the product is still under NDA, and probably still will be by then, so I'll be presenting another session instead, topic TBD. Sorry to disappoint...

Great article on the Exchange team blog from mobility guy Adam Glick: it's all about how to block classes of devices that you don't want connecting to your Exchange server. You can already turn Exchange ActiveSync on and off for individual users, and you can allow or deny individual devices for those users. However, those solutions are best if you want to block a known-bad user or a known-bad device. If you want to block, say, all iPhones (or all BlackBerry devices, or all Nokias, or whatever), Adam outlines an easy solution for doing so.

I've written about phone number normalization a bit before, but OCS MVP Jeff Schertz has a more detailed how-to guide. It's interesting that the documentation for LCS on this topic was poor, and it didn't get any better for OCS 2007. Maybe it'll improve for R2?

Fellow Exchange MVP Jason Sherry has written a very useful script that will gather a bunch of information about your transaction logs, including how many of them you have across your servers and the rate of growth in log creation. This is a great way to keep tabs on what your logs are doing.

The folks at Red Line Software have a nice two-part series on how to use the Microsoft Transporter tool to perform IMAP-based migrations. This is not always as obvious a process as it might seem, so if you're contemplating having to do this, check these articles: part 1 and part 2.

I got some mail yesterday from Google about their recent Google Apps service outage. Here it is, along with my editorial comments.

We're committed to making Google Apps Premier Edition a service on which your organization can depend. During the first half of August, we didn't do this as well as we should have. We had three outages - on August 6, August 11, and August 15. The August 11 outage was experienced by nearly all Google Apps Premier users while the August 6 and 15 outages were minor and affected a very small number of Google Apps Premier users. As is typical of things associated with Google, these outages were the subject of much public commentary.

Well-deserved public commentary, at that, mostly focused on the question of why Google thinks that Google Apps is an enterprise-grade service. Three outages in a nine-day period is not confidence-building.

Through this note, we want to assure you that system reliability is a top priority at Google. When outages occur, Google engineers around the world are immediately mobilized to resolve the issue. We made mistakes in August, and we're sorry. While we're passionate about excellence, we can't promise you a future that's completely free of system interruptions. Instead, we promise you rapid resolution of any production problem; and more importantly, we promise you focused discipline on preventing recurrence of the same problem.

Notice what's missing here: any commitment to a particular level of availability, or any information about the cause of the outage, or any information about how they applied "focused discipline" to keep it from happening again.

Given the production incidents that occurred in August, we'll be extending the full SLA credit to all Google Apps Premier customers for the month of August, which represents a 15-day extension of your service. SLA credits will be applied to the new service term for accounts with a renewal order pending. This credit will be applied to your account automatically so there's no action needed on your part.

So let me get this straight: in exchange for three days of outages (in fairness, not three complete outages), you're going to give me a credit for $25/user. That's not a bad start, but I daresay for most Google Apps customers it's only a small fraction of their lost productivity. Not to mention that I might not want a service credit in the first place.

We've also heard your guidance around the need for better communication when outages occur. Here are three things that we're doing to make things better: We're building a dashboard to provide you with system status information. This dashboard, which we aim to make available in a few months, will enable us to share the following information during an outage:
  • A description of the problem, with emphasis on user impact. Our belief is during the course of an outage, we should be singularly focused on solving the problem. Solving production problems involves an investigative process that's iterative. Until the problem is solved, we don't have accurate information around root cause, much less corrective action, that will be particularly useful to you. Given this practical reality, we believe that informing you that a problem exists and assuring you that we're working on resolving it is the useful thing to do.
  • A continuously updated estimated time-to-resolution. Many of you have told us that it's important to let you know when the problem will be solved. Once again, the answer is not always immediately known. In this case, we'll provide regular updates to you as we progress through the troubleshooting process.

Positive steps, but note that there's no definite delivery date. Note also the weasel language around how "assuring you" is the useful thing to do. No, fixing the problem is the useful thing to do, followed closely by timely and informative status reports. Just look at what Twitter does, then do the opposite. (Actually, for a decent model, check out how the Xbox Live service folks handle outages.)

In cases where your business requires more detailed information, we'll provide a formal incident report within 48 hours of problem resolution. This incident report will contain the following information:
  1. business description of the problem, with emphasis on user impact;
  2. technical description of the problem, with emphasis on root cause;
  3. actions taken to solve the problem;
  4. actions taken or to be taken to prevent recurrence of the problem;
  5. time line of the outage.

This is more like it! However, my business always requires this detailed information. Who says so? I do. I'm betting that Google will closely control this information, and that they will only provide it if they think your business requires such information.

In cases where your business requires an in-depth dialogue about the outage, we'll support your internal communication process through participation in post-mortem calls with you and your management team.

Translated: "if you take heat for our outages, we'll be happy to get on the phone and help spin the problem so we don't lose your account."

Once again, thanks for your continued support and understanding. Sincerely, The Google Apps Team

While tech editing an article by Tony Redmond on Exchange transport back pressure, I wanted to look up the value of a setting in EdgeTransport.exe.config. Here's the best guide I've found to the settings in that file.

Yay! We finally have a supported version of Exchange System Manager that runs on Vista. Get it here.

Experimenting with Twitter

I've decided to give Twitter a try. So far, I'm following Chris, Ed Brill, Erica, and Al Tompkins. Follow me here.

I was recently asked a really good question: how can you disable the "Play on Phone" functionality in Exchange 2007 Unified Messaging? PoP is a handy feature because it lets you use a simple UI in Outlook or OWA to get your voice mail on any phone that your UM server can dial out to. For security reasons, though, some organizations want to prevent people from placing outbound calls to potentially untrusted numbers (like, oh, I don't know, this). There's no direct way to do this from the UI, but you can accomplish it with a bit of trickery: set the OutCallsAllowed attribute on the IP gateway used by the UM server (Set-UMIPGateway MyUMGateway -OutCallsAllowed $false will do the trick).

Why does this work? This flag tells the UM server to never send SIP INVITE messages to the gateway for the new call. If there are no gateway objects with the property set to true, then UM will not attempt to place any outbound calls. PoP is the only Exchange UM feature that will result in new outbound SIP INVITE messages; call transfers use the SIP REFER message, so the automated attendant and call answering features will still work. However, this doesn't disable the PoP user interface, so users will still see the buttons; they just won't work when clicked.
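Because outbound calls stop only when no gateway object has the property set to true, it is worth checking every UM IP gateway rather than just one. The following audit is an added example, not code from the original post; the function name is hypothetical.

```powershell
# Added example. Hypothetical function; run in the Exchange Management Shell.
# Returns the UM IP gateways that still allow outbound calls.
# An empty result means UM has no gateway it may send a new SIP INVITE to.
function Get-UMGatewayAllowingOutboundCalls {
    param(
        [switch] $Fix   # also set OutCallsAllowed to $false on each gateway found
    )

    # Collect every gateway that still has outbound calling switched on.
    $open = @(Get-UMIPGateway | Where-Object { $_.OutCallsAllowed })

    if ($Fix) {
        foreach ($gw in $open) {
            Set-UMIPGateway -Identity $gw.Identity -OutCallsAllowed $false
        }
        # Re-read from the directory so the result reflects what was actually saved.
        $open = @(Get-UMIPGateway | Where-Object { $_.OutCallsAllowed })
    }

    $open | Select-Object Name, Address, OutCallsAllowed
}

# Report only:
#   Get-UMGatewayAllowingOutboundCalls
# Report and remediate:
#   Get-UMGatewayAllowingOutboundCalls -Fix
```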

My friend Ben Schorr, an Outlook MVP who has the good fortune to live someplace nice, just mailed me to tell me that his new book is out. It's called The Lawyers' Guide to Outlook 2007, which is a wonderfully descriptive title. I haven't read it, but based on the table of contents alone I strongly recommend it-- the very fact that he has a section called "Why an Empty Inbox?" tells me everything I need to know to recommend it. If you're an attorney, or work with them, check it out.

When I talk about UCMA in the UC development classes I've been teaching, attendees frequently ask how they can publish custom presence information. The answer is that you can construct custom presence in two ways: using your own completely custom schema (which CWA, OCS, and other MS applications won't understand) or by passing presence data using Microsoft's presence schema. That schema is documented here, which makes it much easier to take the second route.

I've recently been spending time programming again. This has been a welcome return to my roots, and it's certainly reminded me of the pleasure that comes from building good code. Of course, every pleasure has its obverse, and I was reminded of that today because I spent all day beating my head against what appeared to be a bug in NSXMLNode. You're supposed to be able to use the nodesForXPath: method to do an XPath query against an XML tree. I'd written some code that sent an Autodiscover request to Exchange and parsed the returned data (which looks like this), but my code never found any EwsUrl nodes, even though they were plainly visible.

I tried the xpath command-line tool, and it did what I expected; "xpath ~/Desktop/EWS.xml //EwsUrl" returned both nodes. Apple's own XMLBrowser sample (in /Developer/Examples/Foundation/XMLBrowser) didn't work properly either, but the XMLMate plug-in for TextMate did. I looked carefully at the Autodiscover sample in the Exchange 2007 SP1 SDK and found that everything looked OK. Then I went back to my main reference for this stuff. On page 780, I finally found the answer in a subtle clue: the book's sample was using an XPath query that included the namespace! I modified my code to look like this:

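// adResponse is the NSXMLDocument parsed from the Autodiscover reply.
// Bind the prefix "r" to the response schema namespace so XPath can match its elements.
NSXMLNode *rSpace = [NSXMLNode namespaceWithName:@"r"
                                     stringValue:@"http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"];

NSXMLElement *responseRoot = [adResponse rootElement];
[responseRoot addNamespace:rSpace];

// Query with the registered prefix.
NSError *err = nil;
NSArray *idList = [responseRoot nodesForXPath:@"//r:EwsUrl" error:&err];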


That solved the problem. So, lesson learned: always make sure that you've registered the correct namespace when using nodesForXPath!

The iPhone as a mail device

Apple has been getting a ton of press about the launch of v2.0 of the iPhone software (along with the iPhone 3G, of course!) I've been using a pre-release version of the v2.0 firmware on my iPhone, but I didn't want to write about it until the release because I hoped that some of the glaring problems with Apple's implementation would be fixed in the RTM version. Sadly, this doesn't seem to be the case.

Apple has a page with lots of deeper information on the enterprise features of the v2 software. I haven't spent any time with the device management or provisioning bits, nor the VPN support. However, I have spent a lot of time with the Exchange-compatible features, and overall I'd have to say Apple isn't there yet. Windows Mobile still has some compelling features that the iPhone lacks. It's entirely possible that I've just missed some iPhone features; I'll update this post as I learn more (or am corrected).

Update 1: [0017 Monday 7/15] I should point out that Exchange ActiveSync is a protocol that supports lots of different content types and protocol options. Apple, like most other EAS licensees, has implemented a subset of EAS. I'm complaining about Apple's implementation here, not EAS itself.

About the author

Before I get into the meat of my piece, a few words about my qualifications. I've been a Mac user since 1984, an iPhone user since July 8th of last year, and an Exchange admin since 1995. I'm a Microsoft MVP for Exchange and Office Communications Server. My day job involves every possible sort of exploration into how Exchange works, with a heavy focus on mobility. I carry a Windows Mobile 6.1 device daily and rely on it to get my work done. I've been in love with the polish and responsiveness of the iPhone UI from day 1. It's an awesome device for most purposes. However, from my standpoint as an experienced Exchange administrator and WM device wrangler, there are still a lot of missing pieces (or things that are poorly implemented).

E-mail

Let's start with e-mail, which seems like an easy enough application to implement. Apple got the single biggest item right: push e-mail works properly. Mail arrives when it's supposed to, and replies are sent like they're supposed to be. HTML mail displays beautifully. In fact, the overall Mail experience is basically just like it was in v1, for better or worse.

We interrupt this review for a special gripe: Apple, why on earth do you expand the ENTIRE folder list when I want to navigate to a new folder or move a message? This is incredibly inefficient for large mailboxes. It would help a great deal if the Mail application would remember the most recently used folder and jump to it, or (even better) if the folder list were collapsible. Please fix this in the next point release. (Side gripe: why can't I flick left or right to change e-mail accounts, like I can with Safari's page selector?) We now resume our regular programming.

You might think that the iPhone would work well as an offline mail client. You might also think that you should be dating Danica Patrick and that gas should be $1.25/gallon. Bad news: the iPhone's offline story is poor. When the device radios are off, any attempt to move or delete messages results in an error dialog. How lame is that? Did anyone at Apple test a Windows Mobile device to see how it works in this situation? There are a few nice touches, though. For example, a small status line in the main mail view shows you how many messages are queued for sending. At least the software is smart enough to automatically attempt a sync as soon as the network comes back up.

There are a number of other Windows Mobile 6 features missing here: for instance, you cannot flag or unflag messages for follow-up; you can't set out of office messages or timings, and the device will frequently complain if you try to throw away a message that a client- or server-side junk filter has already moved elsewhere. The extremely convenient press-and-hold shortcuts that WM provides (like "d" to delete or "m" for move) are of course absent here, too.

Bottom line: mail is prettier on the iPhone. The devices are tied in terms of sync behavior and performance. My WM 6.1 device has a significant edge in usability speed because of one-handed message selection and movement, plus the press-and-hold keys. I realize that for novice users this speed differential might be much smaller... but I'm not a novice. (And, to forestall any flames: the iPhone keyboard is OK with me. Once I got used to it, it's as fast as a physical keyboard.)

Calendaring

OK, so let me get this out in the open: I can't stand iCal on the desktop. It's so lame compared to Entourage, Outlook, and OWA that I just flat don't use it. The fact that the iPhone's calendar app emulates iCal closely is not a good thing. Color coding of events on the iPhone is driven by where events appear in iCal, meaning that if you sync with Exchange (or Entourage, FTM), your events appear in one color. There's no support for Exchange categories, an obvious omission.

One thing I do like: the default behavior when a new meeting invite appears is to play the calendar reminder sound and show an alert. This is useful because there's no other way to show that you have pending meeting invites. There's a host of weird behavior involving existing recurring events; after your first sync, most of them will show up as "maybe" (which in Apple-speak means "tentative"), even if you've previously accepted them.

Now, on to the really bad stuff. There are several common-- nay, fundamental-- things that you cannot do with the iPhone calendar application. You cannot:

  • create a meeting request and invite other people to attend. Without this, the wireless calendar functionality is largely useless unless you're the Unabomber or some other kind of Luddite hermit who never works with others. (Oddly, you can view the attendee status of meetings you create on the desktop!)
  • create a recurring meeting unless it is repeated daily, weekly, bi-weekly, monthly, or yearly. That's right-- no more "first Thursday of every month" or "every Monday, Wednesday, Friday" appointments. This is disgraceful. Even Palm managed to eventually get this right, for crying out loud.
  • create a meeting in a time zone other than the one you are currently in. I guess you might be able to do this by changing the device time zone, but that doesn't seem like a very good idea to me, and I haven't tried it. I have tried (in vain) explaining why I created a meeting request for 4:30am Pacific time because I forgot my device was still on Eastern time, though.
  • view suggested meeting times or free/busy times, either for your own calendar or for others'. That makes sense, given that you can't invite other people, but it's still super lame.
  • move to an arbitrary date, in either the future or the past. Say you want to check your schedule for 331 days from now so you can grab some frequent-flyer tickets to Maui. Hit the "month" button, then flick until you get to June 2009. Let's hope you don't need to look at dates in the far future or you'll end up with a pulled tendon or something.

As with the offline mode behavior of the mail app, it's mind-boggling that Apple didn't get these right. We're not talking cutting-edge functionality here. The fourth one is especially egregious because it's been that way since the v1.0 release.

Special note to IMAP users: you can receive meeting invitations as .ics attachments, but you can't open them or add them to your calendar. This is apparently a feature, not a bug. You're welcome. (Special bonus: the Calendar app just died on me as I was looking at my list of pending invitations).

Tasks

The iPhone doesn't include a built-in tasks/to-do application. Windows Mobile 6 has task support baked in, so it has a clear advantage here. Apple missed the boat here, as this is a natural piece of functionality for a mobile device. There are a number of such programs at the iPhone App Store, but none of them seem to support wireless sync. My money is on OmniGroup's OmniFocus, which I've recently started using on the desktop. OK, I admit it; OmniFocus doesn't support sync yet either, but it's supposed to soon, and I trust them based on their track record.

Notes

The iPhone Notes application is anemic and, IMHO, basically useless. (No, I don't mean the iPhone version of Lotus Notes, because it doesn't exist; I mean the built-in Notes application). Given its overall level of uselessness, it's no surprise that it doesn't sync with Exchange-side note items. If server sync is important to you, get Evernote, which has clients for Mac OS X, iPhone, Windows, Windows Mobile, and IE/Firefox/Safari. (Ping me if you want an invite). [Update 2: I use OneNote on my Windows machines, and its sync behavior with Windows Mobile is brilliant: plug in your device, automatically get the client, and then sync "just works". It is not, however, wireless, which is what I need. Plus, there's no Mac client.]

Policy control and security

The first time I synced the iPhone with my home Exchange server, I didn't see two things that I expected. Windows Mobile correctly warns me that I'm using a potentially untrusted certificate, because it's issued by my self-signed root CA. Once the initial sync connection was made, I got a warning that I would have to accept the organization's EAS policy to let sync continue. The iPhone didn't show either of these warnings. I consider this a failure in both cases. Without a certificate validity warning, an attacker could easily mount a man-in-the-middle SSL attack. Accepting the server-side EAS policy without telling the user opens the risk that the user's device will be remotely wiped without her knowledge, or that other policy changes will unexpectedly remove device functionality. Because I'm on the road, I haven't actually tested any of the remote wipe or security policy options because I need the device to keep working until I return home. Look for a follow-up article (in which I will probably complain that the iPhone doesn't support the most interesting new EAS policies of Exchange 2007) later.

As a side note, I fixed the original WM certificate error by adding my domain root CA certificate to the device. There doesn't seem to be a way to do this on the iPhone, although I haven't tested the desktop provisioning utility.

Bugs!!!1!

Are there bugs? Yes, in fact there are. The most noticeable one for me is Apple's refusal to use IMAP EXPUNGE to properly remove items. This makes it very frustrating to use an iPhone for IMAP access to an account that you use with Outlook or Entourage elsewhere. There are other bugs, too. For example, when you "reply all" to a message, your sending address is included as a recipient. I already mentioned the way that previously-accepted repeating events act, but I am too busy/lazy to come up with a detailed repro case.

Where to learn more

Apple's got a decent "quick start" page explaining how to set up Exchange ActiveSync for use with the iPhone, and the Exchange team has a more detailed post on the Exchange team blog. I suspect the comments for this post will be a fertile ground for updates, too. [Update 3 @ 1944 7/15: my main man Omar has a wiki that chronicles bugs in the iPhone Exchange integration here.]

One of the questions I frequently get in the UC Metro classes is how to install and use OCS 2007 Speech Server. First, you have to download it. After that, installing it is easy, but there are two other things people usually want to be able to do. First, they want to be able to use Communicator to call Speech Server. Second, they want to be able to transfer calls from Speech Server to Communicator. Michael Dunn has answers to both questions.

Proofpoint acquires Fortiva

| No Comments

The mating dance in archiving and compliance continues; I just got a press release announcing that Proofpoint has acquired Fortiva, a major software-as-a-service archiving player. This gives Proofpoint a great entrée into the world of archiving, and extends their reach in the SaaS world. This FAQ outlines how the combined entities will function; basically, Fortiva will keep its Toronto development operations, and customers will still deal directly with them for the foreseeable future.

Very interesting article from The Register: it seems that Salesforce.com has announced a set of application migration tools to move Notes/Domino applications over to their hosted platform. They are doing so, in part, because Exchange is displacing Notes for e-mail, but the broader MS collaboration platform is not necessarily displacing Notes applications-- at least according to the article; they don't cite any statistics to back it up.

I've been wanting to blog about this for a while, but we had to keep the lid on until today. Microsoft just announced the Podcasting Kit for SharePoint (PKS), primarily developed by 3Sharp. PKS is a completely integrated kit that lets you use SharePoint as an enterprise-scale podcasting aggregator and management system. You can publish your own internal podcasts, plus you can catch and redistribute podcasts from other sources. Wherever their origin, the podcasts you manage with PKS can be rated by users, tagged using tag clouds, and played back using Silverlight so that you don't need a separate podcasting device or application. We've already implemented PKS internally and will shortly be rolling out a PKS portal stuffed full of tasty IT Pro content-- check our web site for updates.

When you get a voice mail message from an Exchange 2007 unified messaging server, it gets a unique message type that allows Outlook 2007 and OWA 2007 to represent it as a voice mail. In the UC Metro class I'm teaching in Toronto, someone asked me whether it was possible to create a "fake" voice mail message-- in other words, is there some way to create a message from an external application that appears to be a voice message in Exchange UM-aware clients? His question made sense given that his company makes applications that already do voice integration for various things, so I did some digging (by which I mean "I asked some folks on the UM team"). Here's the deal.

Outlook and OWA use the PidTagMessageClass property to help them decide whether a message is a voice mail. I never would have known this except for the Voice Mail and Fax Objects Protocol Specification, part of the massive spec dump Microsoft unleashed last month. Section 2.1.2.1 explains the possible values for PidTagMessageClass; subsequent sections describe how you must prepare and attach the actual audio content to the message. However, the spec doesn't explain exactly how to set the message class in the first place; to do that you'll need to either have mad MAPI skillz (translation: pay Dimitri and use Redemption) or set it yourself using Exchange Web Services and the attribute documentation that tells you which properties have which tags. (Update: For real voicemails, the properties are set by the store's content conversion engine when the message is accepted at the recipient mailbox. I haven't tested to see what happens if you submit a message that meets the spec by using SMTP; it would be interesting to know if the properties are correctly applied in that case.)

In a related note, if you've ever wondered where the Outlook audio notes field data is stored, check out the PidNameAudioNotes attribute.

Update: each UM user has to have an Exchange Enterprise CAL. That means that anyone to whom you send synthetic VMs has to have the Enterprise CAL as well, even if they're not otherwise using UM.

Boom shaka laka! According to this press release, Microsoft is releasing SP1 for Office 2008 at noon PDT today. It should be up on Mactopia shortly.

I had a heck of a time finding the downloadable version of the OCS 2007 Speech Server component, which you can use to build interactive voice response (IVR) and text-to-speech (TTS) capabilities into your own applications. We use it extensively in the UC Metro training, and I needed to reinstall it-- but it was nowhere to be found.

Cut to the chase: it's available at http://www.microsoft.com/downloads/details.aspx?FamilyId=BB183640-4B8F-4828-80C9-E83C3B2E7A2C&displaylang=en. Don't try searching for "speech server 2007 download" or you'll only get some old, obsolete microsoft.com pages that offer a broken beta version.

Now this is pretty slick: a Visio 2007 connector that can connect to an Exchange topology and automatically generate a set of topology diagrams drawn from what it finds on the network. I'll be looking forward to seeing how this works in more complex environments than my own single-server lab in the basement.

Mac Messenger 7.0 releases

| 2 Comments
So this is what the future looks like. Microsoft released Mac Messenger 7.0 yesterday. The big deal about this release is its support for OCS 2007. In fact, if you're not an OCS user, there aren't a lot of new features here (though you can set nicknames for Live Messenger contacts, a useful feature). However, if you are using OCS, there's a ton of good stuff.

Let's start with the obvious: there are some new icons in the toolbar that weren't there before. You can now place, and answer, audio and video calls through OCS. For example, if someone on my team calls me with Communicator, I'll get a toast telling me that there's an inbound audio call, and I can answer it, then escalate it to a video call at any time.

Second, you may notice that the "pawn"-style presence icons from previous versions have been replaced with the OCS-style "jellybean" icons. The coloring and shading of these icons is subtly different from those in Communicator, but they fit in well with the overall UI. The large jellybean next to the account name lets you change your presence status to the states supported by OCS: available, busy, do not disturb, "be right back", and away. As in previous versions of Messenger, you can choose whether or not you want to synchronize the presence states of your MSN Messenger and OCS accounts, although these states don't necessarily have a 1:1 mapping.

Third, there's a way to search the GAL! The search field works just like you'd expect: when you enter a full or partial name, you get a list of results in a search pane at the top. I haven't been able to get this feature to work for federated contacts yet (although I can add federated contacts directly if I know their e-mail address). The utility of the GAL search feature varies according to the size of your GAL: the bigger the GAL, the more useful this feature is.

Fourth, we finally get support for multiple points of presence (MPOP). If you're logged in to more than one OCS endpoint (say, a Tanjay phone and Messenger), all of the endpoints will publish their local presence states to OCS, and OCS will aggregate them and publish a composite presence state. For example, let's say that I'm using my Tanjay to place an outbound call. Its presence will show as "in a call", but my Messenger presence may be "available". OCS will take both states into consideration, decide that "in a call" trumps "available", and publish a presence for others to see of "in a call". This is particularly useful when you consider that OCS has a mobile client (Communicator Mobile), a web client (Communicator Web Access), and two desktop clients, plus devices like the Tanjay. It's common for a single user to be logged in at more than one place.

One feature I haven't tested at all is Bonjour support, in both the OCS and personal portions of the client. This might be great if you work for a large company or frequently travel to places where there are lots of other Mac users; neither of those is true of me, so I have no idea if this feature works or is useful. Stay tuned; I'll try it on my next couple of business trips and report back on what happens.

There are some Communicator/OCS features that aren't included in this release. For one, you cannot place outbound PSTN calls like you can in Communicator. There's no way to change the access level of a contact or to tag a contact for status change alerts. At present, there's no way to join an OCS-hosted conference; Messenger has very limited AppleScript support, and it is not as well-integrated with Entourage as it could be. Overall, though, this is a solid release, and the price ($0) is certainly hard to beat.

Exchange 2007 supports three codecs for Unified Messaging voice messages. I knew that you could choose which codec Exchange uses at the dial plan level, but until recently, I didn't know that you could change this setting for individual users. The key is to use the CallAnsweringAudioCodec switch with the Set-UMMailbox command, like this:

Set-UMMailbox -Identity "paul" -CallAnsweringAudioCodec Gsm

Of course, you can do lots of more interesting things with this cmdlet by using filters or other means to apply this setting to a group of users... say, your Entourage users, who can't listen to UM voice mails recorded with the default WMA codec.

At the MVP Summit

| No Comments

Wow.

My mind is being blown by some of the things the Exchange team is showing us. One of the best things about being an Exchange MVP is that we have a really good rapport with the product group. Some groups have bad intra-group relationships, and others have friction between the product group and the MVPs. In this case, though, the product team does a stellar job of soliciting and accepting feedback, and it's been to both our benefits. Can't wait to talk about some of the things they're showing!

(and funny side note: the space bar on my MacBook Pro is sticking, so I keep typing compound words like "keeptyping" and "productplan". This makes me feel vaguely German.)

Eileen Brown of Microsoft was kind enough to organize a bloggers' lunch at INTERACT 2008 today. There was a good crowd, including some folks I knew and many that I hadn't previously met. I got there late and had to leave early, but in between, we got a great presentation on the inner workings of the Exchange team blog, plus a panel discussion with several senior Microsoft folks from the Unified Communications Group. As a closing surprise, we got permission to talk about a previously unannounced product that has heretofore been under deep NDA: the Mac business unit at Microsoft is close to releasing a new version of Mac Messenger, version 7.0, that adds some impressive new functionality.

Like earlier versions, the new Messenger release can simultaneously connect to the Windows Live Messenger service and corporate IM networks. In this case, Messenger adds support for OCS 2007 using the same enhanced presence model that Office Communicator uses. Better yet, it supports voice and video with other OCS users! I've been using this feature for a while and it rocks. Combine it with OCS' ability to federate contacts across multiple organizations, and it rocks even more. Voice and video quality in my tests has been excellent, and the OCS support carries on Messenger's tradition of providing a very Mac-ish user experience. I hope to get permission to post some screenshots in the next day or two; more news when there is news.

This week, I'm getting ready to attend INTERACT2008, Microsoft's new community event for unified communications. I think of it as a replacement for the long-departed and much-missed Microsoft Exchange Conference (MEC), but it's not really the same thing. INTERACT is more focused, with a much higher technical session level. Press aren't invited, but MVPs and other community influencers are. There should be a large presence from Microsoft's engineering teams, which is always good. The whole event is structured around trying to reinforce the growing MS UC&C community and help it grow-- a worthwhile goal.

I'm presenting two sessions and proctoring a hands-on lab. The sessions are both on UC development: one on the APIs you can use across various parts of Microsoft's UC product line, and one on Exchange Web Services. The hands-on lab is really cool: it's a distillation of the two days' worth of labs that 3Sharp built as part of the UC Metro project for Microsoft. If you come do the labs, you'll be getting the same training that Microsoft provides its ISV partners. If you're going to be at INTERACT, drop me a line and let me know.

Microsoft has posted a very useful document called "Certificate Use in Exchange 2007 Server" that outlines pretty much everything you need to know about how Exchange 2007 uses certificates. In particular, it nicely explains the use of subject alternative name (SAN) certificates. Check it out.

Exchange and OCS licensing

| No Comments

Microsoft licensing confuses lots of people, me included. Fellow Exchange MVP Michael B. Smith has two great posts covering Exchange licensing and OCS licensing. They make for interesting reading if you're not up on the intricacies of these licensing terms.

On Friday, I set myself up for the hat trick: I was going to upgrade my primary desktop to Mac OS 10.5, my work laptop to Vista SP1, and my home Exchange server to 2007 SP1. I only got one of the three done because I ended up busy with actual, y'know, work-- my Exchange box was the only one I got around to. However, during the upgrade, I faced an annoying problem: the Exchange setup utility failed when it tried to upgrade the UM service.

I checked the event log and found that the UM service was failing with event ID 1183. As far as I can tell, that's a totally undocumented error. It turns out that, when the UM service attempted to issue itself a new self-signed certificate, the service was throwing an error and crashing with an unhandled exception. Because the UM service wouldn't start, Exchange Setup (quite sensibly, IMHO) wouldn't continue.

The fix ended up being to restore the correct permissions on c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys. This is the location of the computer account's personal certificate store, and for some reason, the permissions on it were incorrect. Adding NETWORK SERVICE:F and Domain Admins:F back to the ACL fixed the problem and allowed the setup utility to finish its work. (The longer-term fix comes in two parts: fix New-ExchangeCertificate so it doesn't fail with an unhandled exception in that case, and then figure out who borked the permissions on that folder.)
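A way to check for this condition before running setup, as an added example (not from the original post or from Microsoft). The folder path and the two principals are the ones named above; the function name, its parameters, the output properties and the CONTOSO domain placeholder are assumptions.

```powershell
# Added example: audit the MachineKeys ACL for the entries the post says were missing.
# Function name, parameters and output shape are hypothetical.
function Test-MachineKeysAcl {
    param(
        # Path as given in the post (Windows Server 2003 profile layout).
        [string]$Path = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys',

        # CONTOSO is a placeholder; pass your own domain's NetBIOS name.
        [string[]]$RequiredPrincipals = @(
            'NT AUTHORITY\NETWORK SERVICE',
            'CONTOSO\Domain Admins'
        )
    )

    if (-not (Test-Path -Path $Path)) {
        throw "MachineKeys folder not found: $Path"
    }

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl -Path $Path

    foreach ($principal in $RequiredPrincipals) {
        # Only ACEs that name the principal directly are examined; access
        # obtained through group membership is not resolved here.
        $entries = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $principal
        })

        # An Allow ACE whose rights include every Full Control bit.
        $allow = @($entries | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full
        })

        # Any Deny ACE for the same principal would override the Allow.
        $deny = @($entries | Where-Object { $_.AccessControlType -eq 'Deny' })

        New-Object PSObject -Property @{
            Principal      = $principal
            HasFullControl = ($allow.Count -gt 0)
            HasDenyEntry   = ($deny.Count -gt 0)
        }
    }
}

# List only the principals whose entries are missing or blocked:
# Test-MachineKeysAcl -RequiredPrincipals 'NT AUTHORITY\NETWORK SERVICE', 'YOURDOMAIN\Domain Admins' |
#     Where-Object { -not $_.HasFullControl -or $_.HasDenyEntry }
```

Saving the output of `Get-Acl` for this folder before and after an upgrade also gives you something to compare when tracking down what changed the permissions.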

What about the Leopard and Vista upgrades? Hey, tomorrow's another day!

You probably already know how to use Outlook Voice Access to listen to your messages, get calendar information, and so on. Did you know that you could use it to send voice mail messages to distribution lists? It's true. Check it out: all you have to do is dial into OVA, say "Directory", then say the name of the distribution list. Record the message, say "send this message", and you're done!

A few tips on things you should be aware of:

  • The distribution list is actually a dynamic grammar for Speech Server. It's rebuilt daily. When you create a new DL it won't immediately be included in the grammar. Check C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\grammars\en\distribution.cfg to make sure the DL is there. You can force a rebuild with Set-UMServer -GrammarGenerationSchedule.
  • Take a look at C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\temp\distribution.grxm if you want to know whether the DL is included.
  • By default, Exchange will automatically create grammar entries for DL names. If you don't want this behavior, edit C:\Program Files\Microsoft\Exchange Server\Bin\globcfg.xml and set EnableDistributionListGrammarGeneration to false.

I was wondering about this the other day: what happens when someone attempts to leave a voice mail message on an Exchange 2007 Unified Messaging server when the target mailbox is full?

It turns out that Microsoft helpfully documented this already: if the mailbox is nearly full (such that the VM would make the mailbox go over quota), it's still delivered. If the mailbox is already over quota, the UM server tells the caller that the mailbox is full, and the caller isn't allowed to leave a message. This may actually be useful if you want to create an announcement-only mailbox, but I haven't tested doing so yet to ensure that it behaves as expected.

I know the title of this post sounds like a case study, but it isn't. Remember that New York Times story last week about how Eli Lilly was negotiating with the US Department of Justice over a US$1 billion settlement? At first, Lilly thought the Gray Lady had gotten information from the DoJ... but it was one of their own lawyers who mistakenly sent a confidential e-mail thread memo to the NYT's Alex Berenson instead of her fellow attorney, Sanford Brad Berenson. Oooops. Read the whole story here, then consider how much value an information rights management (IRM) system like Windows Rights Management might have provided to that law firm (to say nothing of the poor attorney who made a mistake-- I bet her future career prospects are pretty dim.)

Update: Portfolio got a few of the details wrong, so I've edited the above post. NPR's "On the Media" has an interview with Alex Berenson that provides some more background detail if you're interested.

Intermedia, well-known as a provider of hosted Exchange services, just sent out a press release announcing their software-as-a-service hosted version of OCS 2007. They're offering presence, IM, and PC-to-PC voice; no conferencing or telephony integration. Still, this is an interesting move, and it should be especially attractive to those who are already using, or considering, Intermedia as an Exchange hosting provider.


Sometimes life isn't fair


So, I've been trying to get to Voice Ignite for a while now. Tim got to go to Orlando in December, but I couldn't go because I was busy. Missy got to go to Barcelona last month, but I couldn't go because I was busy. Now Devin and Kevin are going to Sydney, which is only just about my favorite city in the whole world, and I can't go... because I'm still busy! I just saw that there are now dates for Kuala Lumpur and Paris, neither one of which I can go to because (chorus) I'm busy! Maybe Scottsdale...

(And if you're wondering what I'm doing: how about a two-day, hands-on event that covers all the details of writing applications using Microsoft's APIs for Office Communication Server 2007, Office Communicator 2007, and even the AJAX-based Communicator Web Access? Ping me if you want to know more.)


I got a very interesting press release from Ferris Research this morning. They performed a survey of more than 900 (for some reason, I want to say the exact number was 916) companies of various sizes and in various verticals. 654 of the companies were in North America; most of the rest were in Europe. I don't have the full report to analyze it yet, but there are some very interesting claims:

  • Across all organizations surveyed, Exchange has a 65% market share, with major strengths in healthcare and telecom enterprises.
  • Internal and hosted POP/IMAP solutions are used in about 15 percent of organizations of all sizes, with 5% of large organizations using them.
  • Notes/Domino has about 10% market share across the surveyed organizations, with particular strengths in manufacturing and financial services.

Ferris claims that this is "by far the largest survey ever done on messaging systems". I've requested a copy of the full survey (benefits of being in the press, y'know) and will report more detail once I get it. For now, let's just say that the numbers Ferris is reporting certainly don't match up with the numbers claimed by Lotus advocates (and who would've guessed that POP/IMAP had such a penetration?) OBTW: GroupWise's market share is "negligible".


As with so many other things, there's a right way and a wrong way to create custom attributes for use with Exchange. These attributes can be made to appear in the custom attribute slots in Outlook, so you can extend the GAL (and views of it) to include things like birthdays, employee IDs, or other data not included in the schema. The wrong way is just to pick what looks like an unused MAPI attribute ID. Dave Goldman explains the right way here.


A federal magistrate just hammered six Qualcomm lawyers for failing to properly handle and produce evidence in the long-running Qualcomm vs Broadcom patent dispute.

The judge concluded that their declarations and other evidence lead to "the inevitable conclusion that Qualcomm intentionally withheld tens of thousands of decisive documents from its opponent in an effort to win this case and gain a strategic business advantage over Broadcom," according to a 48-page order released late yesterday.
"Qualcomm could not have achieved this goal without some type of assistance or deliberate ignorance from its retained attorneys," she added.

Ouch! I've written about this issue before, and it's not going to go away! You'd better have an effective discovery strategy in place before your organization ever gets involved in litigation, and this strategy should probably extend to making sure your inside and outside counsel aren't stupid enough to try to "lose" e-mail messages. That trick never works.


It turns out that Windows Mobile devices have unique device IDs. This comes about because WM is part of the Windows CE family, so each WM device has a two-part unique ID. The first 4 bytes represent a device family (e.g. all, say, HTC S730s will have the same 4-byte value). The remaining 12 bytes are supposed to be globally unique to all devices from the manufacturer, so that two (say) Palm Treo 750s will have two different device IDs. These IDs are not the same as the IMEI or phone number (in part because not every device will have an IMEI or phone number-- consider a WiFi-only device that syncs to EAS).

There are several different uses for the device ID. From an Exchange perspective, the two biggest ones are:

  • looking at the IIS logs on the CAS server to see when a particular device synced and what happened when it tried (e.g. are there errors? did the sync complete? when was the last sync?) Some of this information is visible on the Mobile Devices tab of OWA's Options page, or you can get it using the Get-ActiveSyncDeviceStatistics cmdlet.
  • provisioning access by device. For example, you can allow only a specified device to connect for a user, which prevents them from using other (presumably unsupported or unauthorized) devices. To do this, you use the Set-CASMailbox cmdlet with the ActiveSyncAllowedDeviceIDs parameter.
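The log review in the first bullet can be scripted before an allow list is enforced with Set-CASMailbox. This is an added example, not code from the original post: it parses W3C-format IIS log lines for ActiveSync requests, groups them by user and device ID, and lists devices missing from a proposed allow list. The log lines, user names and device IDs are constructed, and the query-string keys (User, DeviceId, DeviceType, Cmd) and the 32-hex-digit rendering of the ID are assumptions about the log layout.

```python
"""Audit Exchange ActiveSync device IDs seen in IIS logs (illustrative)."""
from datetime import datetime
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"

# Constructed device IDs: 16 bytes written as 32 hex digits (assumed rendering).
# The first 8 digits stand for the 4-byte device family described in the post.
DEV_A = "11112222" + "A" * 24
DEV_B = "11112222" + "B" * 24
DEV_X = "99990000" + "C" * 24

# Constructed log excerpt, not taken from a real server.
SAMPLE_LOG = f"""\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2007-11-05 13:02:11 POST /Microsoft-Server-ActiveSync User=alice&DeviceId={DEV_A}&DeviceType=PocketPC&Cmd=Sync 200
2007-11-05 13:17:40 POST /Microsoft-Server-ActiveSync User=alice&DeviceId={DEV_A}&DeviceType=PocketPC&Cmd=Sync 200
2007-11-05 14:01:03 POST /Microsoft-Server-ActiveSync User=alice&DeviceId={DEV_X}&DeviceType=SmartPhone&Cmd=FolderSync 200
2007-11-05 14:01:09 POST /Microsoft-Server-ActiveSync User=alice&DeviceId={DEV_X}&DeviceType=SmartPhone&Cmd=Sync 200
2007-11-05 14:30:00 POST /Microsoft-Server-ActiveSync User=bob&DeviceId={DEV_B}&DeviceType=PocketPC&Cmd=Sync 500
2007-11-05 14:31:00 GET /owa/ - 200
"""


def parse_activesync(lines):
    """Return one record per ActiveSync request that names a user and device."""
    fields, records = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_STEM):
            continue
        query = {k.lower(): v[0] for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        user = query.get("user", "").lower()
        device = query.get("deviceid", "").upper()
        if not user or not device:
            continue  # request carries no device identity
        try:
            when = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            status = int(row["sc-status"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        records.append({"when": when, "user": user, "device_id": device,
                        "device_type": query.get("devicetype", ""),
                        "cmd": query.get("cmd", ""), "status": status})
    return records


def summarize(records):
    """Per (user, device): request count, error count, last successful Sync."""
    summary = {}
    for r in records:
        entry = summary.setdefault((r["user"], r["device_id"]), {
            "family": r["device_id"][:8], "device_type": r["device_type"],
            "requests": 0, "errors": 0, "last_ok_sync": None})
        entry["requests"] += 1
        if r["status"] >= 400:
            entry["errors"] += 1
        elif r["cmd"].lower() == "sync":
            if entry["last_ok_sync"] is None or r["when"] > entry["last_ok_sync"]:
                entry["last_ok_sync"] = r["when"]
    return summary


def unapproved_devices(summary, allowed):
    """Devices seen in the log but absent from the user's proposed allow list.

    `allowed` maps user -> set of device IDs. Users with no entry are treated
    as unrestricted; that policy is this example's own choice.
    """
    flagged = []
    for user, device in summary:
        if user in allowed and device not in {d.upper() for d in allowed[user]}:
            flagged.append((user, device))
    return sorted(flagged)


if __name__ == "__main__":
    summary = summarize(parse_activesync(SAMPLE_LOG.splitlines()))
    for (user, dev), info in sorted(summary.items()):
        print(user, dev, info["device_type"], info["requests"],
              info["errors"], info["last_ok_sync"])
    proposed = {"alice": {DEV_A}, "bob": {DEV_B}}
    print("not on allow list:", unapproved_devices(summary, proposed))
```

Running the audit first shows which devices a user actually syncs with, so an allow list does not lock out a legitimate handset or silently keep an unknown one.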


New Exchange Web Services book


Jason Henderson of Microsoft just turned me on to this book: Inside Microsoft Exchange Server 2007 Web Services. I've ordered it, of course, and will report back on how good it is once I've had a chance to sit down and dig into it.

Now, this is just plain wrong. The two most recent versions of the Lotus Notes clients won't run when Vista User Account Control is enabled. This is despite the fact that IBM claims that Notes 8 is fully compatible with Vista. IBM recommends turning off UAC, which means you actually have to make your desktop less secure to run it.

Upon further investigation, it looks like nsd.exe is the actual component that doesn't work when UAC is enabled. It looks like the only necessary change would be for NSD to ship with a manifest that uses the requireAdministrator flag to signal that the executable needs to run with elevated privileges. This is pretty straightforward, so I wonder if there's some other issue that makes NSD, or another Notes component, fail under UAC. UAC support is required to get Vista logo certification, but I don't have a Notes box handy to see whether IBM is claiming the logo or not.

So, shame on IBM for missing this elementary requirement-- Vista was out far enough in advance of Notes 8's release for IBM to have sufficient time to support UAC. Shame on Microsoft, too, for not taking proactive action to make sure that such a widely used application would work properly with UAC.

(Bonus vuln: this buffer overflow in the Notes client viewer for 1-2-3 files. It requires a patch, which you must get from IBM support. Too bad IBM doesn't make its patches freely downloadable.)


HOWTO: Find a RoundTable case


I'm still really enamored of the Microsoft RoundTable conferencing camera. IMHO it's a real breakthrough, and I can't wait until we can get one of our own and start using it regularly for the meetings I have to attend. We faced a problem for the roadshows, though: the RoundTable is an odd shape and doesn't disassemble for transport. I couldn't see shipping a $3000 device in a cardboard box, so I did some digging. As far as I can tell, there's only one company that makes RoundTable-specific cases: Titan Cases of Seattle. We ordered one, and it wasn't cheap (about $335). However, just look at the darn thing. It's practically indestructible. In fact, it should say "CRAFTSMAN" on the front.


Titan offers two models: one with wheels and one without. We took the wheel-less one in hopes that it would be easier to take aboard airplanes. It's done an admirable job so far, but we'll be ordering the next one in 3Sharp green.

Extending OCS programmatically


It turns out that there are at least two ways you can build custom applications that take advantage of OCS 2007's capabilities for presence, IM, conferencing, and voice. First, you can use the Communicator SDK to do client-side stuff, like asking Communicator to initiate a voice call or change your presence status in response to some action. (I need to find out if Communicator is smart enough to set your status to "away" when you lock your workstation; if not that will probably be my first project.)

Second, you can use the OCS SDK to write server-side code for things like IM content filters. This is also a handy way to write server-side response bots. You can also integrate presence and IM with SharePoint using a fairly simple web part; I'll write more about that later.

One common question (or family of questions, I guess) that I get concerns how voice mail messages are handled in the Exchange 2007 transport engine. In particular, a couple of people at the "It's Time to Deploy" events have had questions about how voice messages are journaled. Depending on your organization's records management requirements, you may want to make sure that VMs are journaled, or you may want to affirmatively block them from journaling. It turns out that you can easily do this with the Set-TransportConfig task in EMS. A quick

Set-TransportConfig -VoiceMailJournalingEnabled:$false

will do the trick; the flag is set to enable VM journaling by default, and this command just turns it off.


Yay! TechEd finally splits!


In days of yore, Exchange admins had their own conference, the MEC. For some reason I've never completely understood, Microsoft rolled Exchange content in to TechEd, along with developer-focused content and pretty much every other thing you could think of. What started as an admin/IT pro-focused show turned into a giant behemoth that embodied a paradox: every year, it would offer more sessions, and yet the number of sessions relevant to any given topic area tended to decrease!

I'm pretty sure Microsoft heard the screaming, because for the last couple of years their European show, IT Forum, has been split into two separate developer and IT pro events, held on consecutive weeks. I just got a note from my MVP lead announcing that the 2008 US TechEd will have the same split! This is tremendous news because now it means that IT and developer topics won't have to butt heads any longer. I expect dramatic growth in the number of Exchange-focused sessions, which should be great. (Of course, it kind of stinks for the MS folks who now have to spend two consecutive weeks in June in Orlando!)

Despite this change, I expect Exchange Connections to remain the premier Exchange-focused conference. It's a smaller, more focused, and more intimate conference that lets us dive deep into Exchange and UC topics. I'm excited to be chairing the fall 2007 show next week in Vegas and the spring 2008 show in Orlando. See you there!

Parlano and OCS licensing

I'm still recovering from the Microsoft UC launch-- it was a lot of fun to talk to customers and get their feedback on what Microsoft has done right, and wrong, with OCS 2007. One topic I didn't hear much about was Microsoft's acquisition of Parlano. I think that will be changing, though, once word of this gets out: customers who bought OCS 2007 with Software Assurance will be given no-cost licenses to the Parlano technology in Q1 2008. Future versions of OCS will include Parlano. This is a nice value-add for SA, the kind of thing that Microsoft needs to do more often to sweeten the pot as an SA incentive. (Actually, the best thing they could do to make SA valuable is to cut their release time to <3 years for major releases, so that SA customers actually get upgraded.)


I'm going to liveblog the Bill Gates/Jeff Raikes keynote when it starts in about an hour; before then, I have a press briefing with some folks from Microsoft's PR agency. I'll update this post when I start liveblogging.

0850: Springsteen's "Radio Nowhere" is playing. Good song; odd choice. Lots of press analyst folks, including Ephraim Schwartz.

0855: Barry University case study video. They're using OCS conferencing to let students attend conferences, replay lectures, etc. They're also using Live Meeting with RoundTable, which is made of win. Followed by funny "VoIP as you are" commercial, followed by Western Digital case study video, emphasizing value of ad-hoc conferencing and ease of configuring/re-configuring.

0858: Shaw Group case study video, plus another commercial, then Tayside Fire and Rescue case study. The fire & rescue folks love presence, and they're rolling out VoIP to speed communications. Gibson Guitar video is next, with background music by Luna Halo (sadly, there's no actual Halo present.)

0905: Fog machine is cranking up, and the case study videos and commercials are replaying.

0918: cool intro video showing manufacturing of a custom MS UC guitar at the Gibson factory, now being played on stage by some guy I don't recognize.

0920: Bill Gates on stage. "What's this all about? Well, Microsoft's all about the magic of software, letting people be more productive and more creative. Today's announcement is all about taking the magic of software and applying it to phone calls." "Flexibility... to do new things isn't there in that structure [PBX structure, he means]"

What factors drive this forward? "Magic of Moore's law" means "hardware is not holding us back at all-- you've seen the explosion of audio and video being an essential part of experiencing the Internet." Digitization of economy. Advances in software. Changes in bandwidth, mobility, and form factor.

Every 10 years or so, how we think of computers and communication changes-- from Altair ("the computer that got me to drop out of school") to IBM PC to laptop to tablet. Similar evolution of phones and mobile devices. Key players in mobile devices have been folks that are great at doing software, not just hardware. In contrast to great evolution in mobile devices, consider the phone you have in your offices. They look pretty much the same. Small display, "lots of buttons-- you look at them and say 'I wonder who uses those buttons?'" Frozen; nothing third parties can do to extend or improve.

Survey: " in 3 people have successfully transferred a phone call." (lots of laughter at this one!) "In the PC world, with things like Exchange and Active Directory... the directory is an important tool in the company and has become mainstream, but the PBX has stood by itself."

"In the older world, everything came in a vertically integrated communications stack."-- hardware, PBX, software all came from one company. "That model worked fine because the pieces worked together.. but it meant that once you picked a PBX partner that was it. Even if they didn't make much money on the initial sale" ongoing support was costly. "For Microsoft, just to set up a new office with a phone was about $700 and required a lead time of a week." (wow! what kind of PBX was that? I don't want one.) How are we changing away from a vertical model? "We've seen this before... it's just like the computer industry before the personal computer came along." Change agents were MS, Intel, and third parties that made it a horizontal market.

Four layers: phones and devices, interoperable apps (based on the directory), open communications software platform, and industry-standard IT architecture. Multiple vendors on each levels. "As you go down the path, at every step there's opportunities for increased productivity and cost savings."

"This shift will be as profound as the shift from typewriters to word processors... which we simply take for granted. Ten years from now, when people think about telephony, when you see a movie that has a desktop phone you'll think 'wow, we used to have those.'"

"We're excited that applications companies, services companies, companies that do great hardware are all coming in here."

"When we think about the cost savings here, you might ask 'how does this add up?'" Productivity benefit; flexibility of conferencing reduces travel; business process where you're collaborating becomes more effective. (this wasn't as much punch as I was expecting-- seemed a little ad-libbed)

0940: Forrester looked at all these savings and found "over 500% ROI over three years". Part of the reason "that's so high is that you're leveraging investments you've already made". I mentioned some of the innovations earlier. A good example, both in hardware and software, is RoundTable. Small, light device (it is, but he's not showing the dial pad or satellite mics). Costs $3000. Active speaker switching "does a very precise job". Intros Virgin Megastores case study video on RoundTable. Rich media playback, active speaker switching, doc sharing. (all of this uses the Live Meeting console, which works the same way both for Live Meeting and OCS conferencing) "This is an area where we've been investing for a number of years... it's a big bet that we've made but we feel great about it." Person who's led that investment and driven the business is Jeff Raikes.

0945: Jeff Raikes on stage. Fifteen months ago, we were here to show our roadmap. Now we're excited to be back to show our products. Announcing the launch of OCS 2007, Office Communicator 2007, a major update to Exchange 2007, Live Meeting, and RoundTable. "These technologies provide the backbone of software-powered communications... it's a big R&D bet for Microsoft."

"The era of dialing blind, the era of phone tag, the era of voice mail jail... that era ends today."

Identity and presence are at the core. "Think of how many phone numbers you have... phone numbers are an artifact of a technological limitation. I don't want to get in touch with your phone number, I want to get in touch with you."

MS research: average information worker spends 37 minutes/week (~ 30 hrs/year) in voice mail jail or playing phone tag. It's not just the lost time that's important, it's what it means in the context of the business.

0951: Eric Swift onstage for demo. Notional sales rep in Chicago wants to check messages to see what he can work on on the way home. Dons headset and calls Outlook Voice Access while Outlook is open on screen. OVA reads new message, then he switches to voice mail. "Let me hear my voice mail", then playback of voice mail message requesting critical response. "Calendar for today" followed by "clear my calendar" to free time. (Some recognition problems, not uncommon in auditoriums with lots of background noise-- I've definitely had varying results in large rooms.) Demo of Outlook Mobile: type-ahead search, plus search of Exchange server catalog. Switch to Communicator Mobile to check presence status. Click-to-call on mobile device to place voice call to co-worker's mobile phone. Traffic is congested downtown (should've used Windows Live Search). Goes to work from home, in his backyard with barbecue pit ready to go.

1000: shows creating an IM session from a mail, with the subject line preserved, plus one-click access to item used to start conversation. Then shows escalation directly to voice call. Drag a new participant into the voice call to add them and turn it in to a conference. (audience applauds) "When I deal with vendors I like to look them in the eye", so let's escalate to video.

1005: attending a regularly scheduled Live Meeting from the coffee shop. RoundTable in a meeting room, plus two remote attendees. (Panorama view in Live Meeting console is very cool) show integration from within Word-- person names have a presence jellybean, and you can click-to-call. (applause)

1010: Jeff Raikes back on stage. "not something just for the boardroom or the elite... two orders of magnitude from other solutions. It opens up all of that value for a great communications experience." Harris Interactive/MS study: average information worker gets up to 100 messages a day in 7 different places, up 30% in 18-24 months. SharePoint already has great integration. Dynamics CRM is adding it (that's news to me; I wonder if it's a formal announcement). 150+ customers using OCS/UC in production, 25-30% cost savings reported by them. "Our goal is 50% cost reduction within 3 years." "As of last week, all of Intel-- all 104,000 people-- are using OCS and Office Communicator."

1020: Customer talk: Etienne de Verdelhan, CIO of L'Occitane en Provence, followed by customer video.

1030: Slide with hundreds of logos. "For every dollar of revenue Microsoft makes, we expect our partners to make $3." "To underscore that we have more than 50 partners here announcing new products or services." Nortel, Ericsson, and Mitel are announcing their roadmaps today.

"Nortel has introduced a fully software-based roadmap and plans to build software applications that enhance OCS." "Ericsson has announced a mobility server that will be built on the VoIP call management layer." "Mitel has announced plans for a server that will be built around OCS and help to meet specialized needs in telephony, in particular in small and medium businesses and vertical markets."

SAP is building presence and click-to-communicate into Duet, combining SAP data with rich presence, all available within Office application suite.

Off to SFO

I'm off to San Francisco for the Microsoft Unified Communications launch. Should be a fun time!


If it’s October, that must mean it’s time for... spring?!

Normal people are just starting to enjoy the autumn, but the Exchange Connections staff is preparing for our Spring 2008 show (April 20-24, 2008 in sunny Orlando!) As part of that process, I’m issuing a call for session proposals.

A few ground rules:

  • You need to submit at least 3 abstracts, but I encourage you to submit more than 3 to give us more flexibility in choosing sessions.
  • Speakers will be chosen within a few weeks of the closing date, which is currently 10/19.
  • All selected speakers will have their travel expenses (air + hotel) reimbursed; in addition you’ll be paid a stipend of $400 per talk.

What kind of talks should you propose? Anything having to do with Exchange (including DR, security, migration, and best practices), Live Communications Server/Office Communications Server, or related topics. The more technical, the better! (If you plan to repeat sessions from a previous event, please make sure you update the title and abstract to reflect the latest in the Exchange world.)

Please, no vendor “pimp sessions”. If you work for a software or hardware vendor, feel free to propose technical sessions that aren’t focused on your product. If you work for a PR firm, your principals are welcome to submit technical sessions.

To submit sessions, please e-mail me and I'll send you the instructions. We're using a SharePoint-based tool that takes much of the work out of the submission process. Please do not e-mail me abstracts!


Communicator Mobile 2.0 is out


I must have missed this during all the appendectomy flap, but MS has released the RTM version of Communicator Mobile ("CoMo") 2.0. Get it here.


Good news for people who are considering building an OCS 2007 pilot infrastructure. It turns out that there *is* a way to upgrade the evaluation version of OCS 2007 to the full version. However, this approach won't work with the MSDN version (which you probably shouldn't be using anyway!)


Call path replacement in OCS


One of OCS 2007's most useful new features has a variety of names. You can call it "simultaneous ring" or "call forking"; the idea is that an incoming call can cause all of your defined phones to ring at the same time. For example, your desk phone, logged-in Communicator session, and cell phone can all ring at once, so you can answer the call from wherever you happen to be. However, this leads to a question: doesn't this tie up more phone lines?

The answer (as with so many other telephony issues) is "it depends". (In fact, I should start a new blog category called "It Depends" just for this kind of question!) Consider two scenarios:

  • Alice is using Communicator and calls Bob, who's logged in to Communicator and has a Tanjay phone on his desk. In this case, Alice's call can ring Bob's two devices without tying up any lines through the gateway-- because there are no PSTN or PBX components involved, there's no need to take any lines from the gateway.
  • Carol is an outside PSTN caller; she calls Dave, who has a TDM PBX phone, Communicator, and a cell phone. In this scenario, Carol's already occupying one line (from her phone to the OCS gateway). When OCS rings his cell phone, that will use a PSTN line. Ringing Dave's PBX phone may or may not require an additional line, depending on the connection between OCS and the PBX.

However, thanks to call path replacement, under many circumstances OCS can provide simultaneous ring without taking up additional lines. Whether or not this works depends on the PBX (if any) in use, because not all PBX systems support this feature.


When you use Exchange 2007 Unified Messaging, one of the cool features is that the UM server will attempt to replace the caller's phone number with a name. How does it decide what name to use? Ah, there's the rub! The answer depends on whether or not the caller has a UM-enabled Exchange mailbox. Here are the four possibilities (courtesy of Microsoft's Dave Howe):

  • If the caller is UM-enabled, then the UM server will find the user by the Exchange UM proxy address and the mail will contain the Display Name of the caller, as shown in Active Directory.
  • If the caller is not UM-enabled, but exists as a contact with extension in the called party’s Exchange mailbox, the mail will contain the Display Name of the caller. Note that this number will be whatever you put in, whether or not it matches what's in AD.
  • If the caller is not UM-enabled, but you have added a custom Exchange UM proxyAddress containing his/her extension, the mail will contain the Display Name of the caller.
  • Otherwise, the mail will contain only the extension or phone number of the caller. Whatever the PBX reports as part of the call diversion information is what you'll get.

That raises an excellent question: how can you add a proxy address for users who aren't already UM-enabled? It turns out that this is simpler than you might think, once you know the magic spell. You can do it with ADSIEdit if you know the format (which is simply EUM:extID;phone-context=dialPlanName). So, for example, my EUM proxy address is EUM:7285;phone-context=redmondDP.3sharp.com

However, there's a simpler way: use Exchange Management Shell and just say:

Set-Mailbox mailboxName -SecondaryAddress extension -SecondaryDialPlan dialPlanName

That's it. One line and you're done!


The UC box of goodies is IN


Remember all the goodies I mentioned here? They're all here. Expect review-age in the next week or two.


UC review bonanza


Good news: the pipeline of review equipment for unified communications is starting to fill up. Currently I have a GN 9350 headset (summary: love it, bought several for our office; expect a more complete review later this week) that can work both with desk phones and VoIP softphones like Communicator and a Samsung 225uw monitor with an integrated camera and mike. I just heard from my Polycom contact that I should expect a grand slam from them in the next two or three weeks: a CX100, a CX200 (aka "Catalina"), a CX400 (aka "Orca"; I'm especially interested in testing this), and the elusive CX700. I'm also eagerly awaiting the arrival of a Dialogic DMG1008 gateway, which provides 8 analog ports for use with an OCS 2007 mediation server. (For a good rundown of Dialogic's product line, see this deck; I haven't found anything as clear on their own site yet.)


Exchange 2007 SP1 briefing

Ed Banti briefed me on Exchange 2007 SP1 a couple of weeks ago, but the things he told me were under embargo until the 14th. I wasn't able to post then, but I wanted to share a few notes on things we discussed.

So far, MS is well-satisfied with the number of customers: more than 900,000 downloads of the beta, moving to over 300,000 full evaluations and 260,000 trial usages of the packaged virtual machine demos they've been shipping. The Unisys-hosted trial system has been hosting an average of 1000 trial accounts per week; all of these numbers exceeded the product team's expectations.

The Exchange team focused on two primary areas when deciding what to include in SP1: general planning inputs (including customer feedback and features that were in early 2007 betas but didn't make the release) and feature criteria (including improving the OWA feature set and hitting particular customer scenarios for HA and management, among others). The result of this focus is a set of features that cover the "three pillars" originally used as the rationale for Exchange 2007's launch: anywhere access, operational efficiency, and built-in protection.

What does this mean in practical terms? Here's a laundry list:

  • improvements to unified messaging and support for OCS 2007, including using Exchange UM to provide voice mail services for OCS calls. IMHO the big burrito here is being able to generate a message waiting indicator (MWI) for Communicator clients, but the new security features (including SRTP and secure SIP support) are welcome too.
  • Public folder management tools in EMC, plus public folder access from within OWA
  • Support for Windows Server 2008 ("Longhorn"), as well as support for Windows Vista for the Exchange management tools. One major change from the original plan is that the UM role can now run on Windows Server 2008; the original plan called for it to run on Windows Server 2003 only.
  • Expanded support for clustering (including clustering support in the EMC)
  • SCR
  • A greatly improved OWA, with support for custom forms, a server-side rules editor, the return of S/MIME support, and better support for self-service functions like remote device wipe and deleted item recovery. Bonus item: the HTML document transcoder now displays Office 2007 docs properly.
  • support for slipstream installations
  • several new Web services, including public folder access, delegate management, delegate access, and folder-level permissions
  • 28 new Exchange ActiveSync policies for various aspects of device behavior, including encryption, authentication, and device, network, and app control. Note that these policies require Windows Mobile 6.0 devices, but they give you some nifty new features (like policies to turn off WiFi or cameras, or to enforce the use of S/MIME).

One of the biggest changes in SP1, of course, is the long-awaited standby continuous replication (SCR) feature. Beta 2 of SP1 includes SCR, so you can begin testing it in your own environments. I'm looking forward to setting up CCR on Longhorn, which should be a lot of fun to experiment with. In addition, the OWA improvements help make OWA that much more useful, especially for organizations that require S/MIME. Microsoft naturally warns that you shouldn't use SP1 in production, but it's fine for use on test and demo systems.


Microsoft's really come a long way in how they market their products. Exchange 2003 offered a test-drive version of Outlook Web Access, and Exchange 2007 has expanded on that theme by offering test-drive and downloadable versions. OCS 2007 has upped the ante by offering some very cool virtual labs that you can use to play around with the OCS software. You can do a variety of things, including setting up UM on an Exchange 2007 server, setting up conferencing, and deploying Communicator 2007. My personal preference is usually to download the bits and set up my own VMs, but this is a nifty time-saving way to play with OCS with minimal investment of time on your part. 

If you work in the messaging or UC space, and you're not reading the VoiceCon ENews and VoiceCon UC eWeekly e-mail newsletters, you probably should be. The last two issues have been particularly interesting: ENews issue 181 pointed out what a huge impact the iPhone's going to have on the mobile device industry, and issue 30 of the UC eWeekly has some sage advice about buying (or not buying!) PBX systems.

With all the hype surrounding the iPhone, I thought I'd stick my oar in the water and talk about iPhone from the perspective of someone who depends on Windows Mobile devices to get my daily work done. Over the last couple of years, I've chronicled my experiences with various Windows Mobile devices, including the Treo 700w. Despite its flaws, I've come to depend on the Treo to help me stay organized and in touch when I'm traveling or otherwise out of the office. I've recently replaced the 700w with a pre-release device from a major OEM running Windows Mobile 6.0 Professional, and it's a major improvement over WM5. In particular, the new Exchange 2007 support features (HTML mail and message flagging chief among them) really give me a productivity boost.

Originally I wasn't going to buy an iPhone, but once I got my hands on one my resolve weakened, and quickly. I ordered one from AT&T on July 4th and had it in my hands on the 6th. I added it as an additional line on my existing AT&T plan, and I was off to the races. (And no, I don't think the iPhone plan price is excessive; as for the device price, I'm betting I'll get more than $600 worth of value from the device over its lifetime.)

Over the next few weeks, I'll be writing an irregular series of posts on various aspects of the iPhone vs the other device I'm using. There's a lot of good in both platforms; likewise, each of them has some shortcomings. Which one will win? That's a misleading question, as there are too many different dimensions of use to pick a single winner. Stay tuned to see how it comes out!

John is on the road again; this time he's at the Microsoft Worldwide Partner Conference in Denver, showing off a very cool new solution we've built for a major international relief organization. The solution uses Z5's extremely cool Nomad hardware platform, which is enough to make it cool in a doomsday sort of way. Perhaps Z5 will let me borrow one as part of our family emergency preparedness plan.

The Exchange team blog has a wonderful explanation of the ins and outs of Exchange 2007 certificate management and issuance, including a guide to using the elusive SAN certificate. Go read it now.

So, I've been using (and loving!) Exchange 2007 UM at two sites: my home and our office. At the office, we've all noticed an annoying behavior in the default auto-attendant: after you specify the name of the person you're calling, it asks you to press 1 to leave a voice message. If you ignore that prompt, it says "Okay, dialing..." and does its thing. We couldn't find a way to turn it off, until I noticed this unobtrusive checkbox in the UM auto attendant properties dialog:


It turns out that, in this context, "Allow callers to send voice messages" really means "annoy callers with prompts to leave voice messages instead of putting them through and then letting them leave a VM if the called party doesn't answer". Unchecking that box provided exactly the behavior we were looking for.

I'm in phone-shopping mode again. I was thinking about getting in line for an iPhone, but I think this new phone suits me to an R a T.

Great news: Microsoft is changing the Exchange 2007 licensing model so that you can use managed default folders (part of the "messaging records management" feature set) with the standard client access license (CAL). Originally, to use managed folders you had to pony up for the Enterprise CAL, which also includes Forefront, Exchange Hosted Filtering, unified messaging, and premium journaling. You also still need the Enterprise CAL if you want to use managed custom folders. Still, this is a welcome change. I still think the Exchange licensing model is complex and confusing to customers, but now it's a bit better.

Glad to see someone else in the press picking up on this: Michael Osterman just posted an article wherein he points out that claims that 25% of the Exchange installed base will migrate to Linux are, shall we say, overblown.

So I've gotten three or four requests for detailed instructions on how to fix the situation that happens when you say "no" when Exchange 2007 setup asks if you have any pre-Outlook 2007 clients. In that case, Exchange doesn't create a public folder store, but you need one for legacy client support. To fix this problem, here's what to do in a brand-new Exchange environment:

  1. Launch the Exchange Management Console
  2. Expand the Server Configuration node, then select the Mailbox node and select the server you want to create the PF store on.
  3. Under the Database Management tab, select the storage group that you want to contain the public folder database.
  4. In the Actions pane, click New Public Folder Database. Give the database a name and a path, then click New.

Once the database has been created, stop and restart the MSExchangeIS service.

If you already have Exchange servers, you shouldn't need to do this. If you decide that you want your Exchange 2007 server to publish free/busy and OAB information through public folders, follow the steps above, then see this article for information on how to add replicas of the needed folders to the Exchange 2007 server.

I looked all over the place to find documentation on how to set up Office SharePoint Server 2007 to hold journal reports generated by Exchange 2007. I finally found it after paging through about 10 zillion Google results. Here, for your edification, is the topic I found: "Plan e-mail message records retention" in the MOSS 2007 planning & architecture docs. With a little luck, soon Google, Live Search, et al will pick this article up so that searching for something sensible like "sharepoint 2007 exchange journal reports" will find it.

I've been waiting for this since Thanksgiving. Microsoft's finally started releasing details of the devices its partners are building for use with Office Communications Server 2007. It's important to note that individual partners, including Polycom, NEC, and LG-Nortel, are building these, but that Microsoft is providing the "Communicator Phone Experience" software for some devices. CPE is a radical departure from the standard model of having a button-driven user interface on the phone that talks to the PBX; CPE-equipped phones have a friendly Communicator-like GUI and rely on direct communications with the OCS server to get configuration and presence information. (In fact, you log on to these phones using your Windows credentials-- how cool is that?)

Some pictures to whet your appetite are at Microsoft's UC press gallery. I've requested review units of the Polycom phones and will report back here once I've had a chance to experiment with using them.

This just in from my pal Kevin Engman:

The Unified Communication Marketing team will be conducting six focus groups at Tech Ed, Orlando in June 2007 focusing on Unified Messaging and the IP telephony space. We are conducting focus groups to gain clarity concerning the roles and responsibilities in an IP telephony environment, given Exchange Server 2007 Unified Messaging and the public release of Beta 3 Office Communications Server (OCS) 2007. We would like to talk to IT administrators and IT managers currently working in an enterprise environment, which is defined as an organization with 100+ servers and 500+ PCs. They may work as full time employees or as contracted vendors. We are looking for a group of IT administrators and IT managers who have experience with Microsoft products such as Exchange Unified Messaging, Office Communications Server 2007, Office Live meeting, Live Communications Server, etc. We are also interested in IT administrators and IT managers who have experience in an IP telephony environment and not strictly a TDM/legacy telephony environment, with expertise in IP telephony equipment from vendors such as Cisco, Avaya, and Nortel.

The sessions will be held at the Peabody Hotel in Bayhill II. The session times are as follows:

• Session 1: June 4th, 1:00pm-3:00pm – For IT administrators and IT managers who manage Microsoft LCS or Microsoft OCS pilots.
• Session 2: June 4th, 3:00pm-5:00pm – For IT administrators and IT managers who manage Microsoft LCS or Microsoft OCS pilots.
• Session 3: June 5th, 3:00pm-5:00pm – For IT administrators and IT managers who manage Exchange Unified Messaging or Cisco Unified Messaging solutions
• Session 4: June 6th, 12:00pm-2:00pm – For IT administrators and IT managers who manage Exchange Unified Messaging or Cisco Unified Messaging solutions
• Session 5: June 7th, 1:30pm-3:30pm – For IT administrators and IT managers who manage Cisco, Avaya, Nortel or any other VOIP solution.
• Session 6: June 7th, 3:30pm-5:30pm – For IT administrators and IT managers who manage Cisco, Avaya, Nortel or any other VOIP solution.

If you're interested, drop ucgfg@microsoft.com a line and let them know.

Say you have a user and you want to let them use Exchange ActiveSync with one device, but not another one. Exchange 2007 allows you to control device sync based on the device ID. Only devices whose device IDs appear on the magic list can sync; other devices cannot. (I guess that makes this feature the equivalent of the invite list at a Beverly Hills party.) Because the device ID restriction is per-mailbox, it also lets you keep users from swapping devices. To do this, use the Get-ActiveSyncDeviceStatistics cmdlet to get the device ID, then the Set-CASMailbox cmdlet with the ActiveSyncAllowedDeviceIDs parameter to add this device ID to the list of allowed devices. If the list is NULL, which is the default, a user can sync with any device. Multiple devices can be specified in the allow list separated by semicolons. (Thanks to Microsoft's Vanitha Prabhakaran for the tip!)
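
The two-cmdlet procedure above, written out as an Exchange Management Shell session. This is an added example, not code from the original post: the mailbox identity and device ID are placeholders, and passing the allow list as a PowerShell array (rather than one semicolon-delimited string) is an assumption about how the multi-valued parameter is bound.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# $Mailbox and $ApprovedId are placeholders; substitute your own values.
$Mailbox    = 'user@example.com'       # placeholder mailbox identity
$ApprovedId = '<DeviceID-to-allow>'    # placeholder; copy the real ID from step 1

# 1. Show every device that has synced with the mailbox, with its device ID.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox)
$devices | Format-Table DeviceType, DeviceID, LastSuccessSync -AutoSize

# 2. Read the current allow list. An empty list (the default) means any
#    device may sync, so the first entry you add locks out everything else.
$current = @((Get-CASMailbox -Identity $Mailbox).ActiveSyncAllowedDeviceIDs |
    Where-Object { $_ })
if ($current.Count -eq 0) {
    Write-Warning "$Mailbox has no allow list yet; after this change only listed devices can sync."
}

# 3. Append the approved ID without dropping IDs that are already listed.
#    Assumption: the multi-valued parameter accepts a PowerShell array.
$allowed = @($current + $ApprovedId | Select-Object -Unique)
Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs $allowed

# 4. Verify the stored list, then list devices that have synced before
#    but are not on it (these are the ones the change now blocks).
$final = @((Get-CASMailbox -Identity $Mailbox).ActiveSyncAllowedDeviceIDs)
$final
$devices | Where-Object { $final -notcontains $_.DeviceID } |
    Format-Table DeviceType, DeviceID, LastSuccessSync -AutoSize

# To return to the default (any device may sync), clear the list:
# Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs $null
```

Step 4 doubles as an audit: any device it prints has a sync history with the mailbox but no entry on the allow list.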

As promised at the MVP Summit, Microsoft's unified communications group today released the public beta of Office Communications Server 2007. Grab it here, or swing by the beta forums and see what's happening. I'll have lots more to say about OCS 2007, but right now I'm busy setting it up for the roadshow.

MAPI gets a facelift

Well, maybe not a facelift, but it did get a new name: the Outlook-Exchange Transport Protocol. I only found out about this because of a press release I got from Cemaphore touting the fact that they're the first to license it. So, MAPI is dead as a name, but I suspect it'll be a loooong time before those four letters are expurgated from all of the existing MS documentation and support materials.

Another cool UC&C tidbit: a company called m-networks apparently has a commercial (i.e. supported) product that acts as a call control gateway for linking Asterisk and Live Communications Server. I'm not sure how big the market for such solutions is, but it's good to see some of the ad-hoc hackery surrounding this particular integration supplemented by supported commercial products.

This is very cool: Mitel Delivers Direct SIP Connection to Microsoft Exchange Server 2007 Unified Messaging.

Mitel's embedded SIP integration eliminates the need for a separate SIP gateway as a go-between from a 3300 ICP SIP connection to an Exchange Server 2007 resulting in support for multiple forms of Unified Communications including voice, email and fax. Mitel can deliver this capability to existing 3300 ICP customers through a software upgrade that simply delivers the SIP server's (gateway) functionality resulting in reduced complexity, time and cost for our customers. Native support of SIP on the 3300 ICP enables customers to take full advantage of the deployment of open standards and maximize their investment either in a Mitel or a multi-vendor environment that supports an open standards approach.

This is great news because it saves the expense and hassle of buying a separate gateway product just to integrate with the PBX. Back in August of last year, I met with the Mitel folks and strongly encouraged them to pursue direct interop; I believe that vendors who can directly talk to Exchange 2007 servers are going to sell more PBXes than those that don't. I like the Mitel 3300 quite a bit (so much so that we bought one for our new office) and I'm pleased to see Mitel getting some first-mover advantage in this market.

Very cool news: MS has announced the feature list for Exchange 2007 service pack 1. Those of you who have blasted Exchange 2007 for not having public folder access in OWA (yeah, I'm talking to you) will be glad to know that it's back, along with public folder management in the Exchange Management Console, S/MIME in OWA, POP and IMAP configuration GUI, and a few other nifty features.

DST and Exchange

My UPDATE columns for this week and next cover the process of updating Exchange 2003 to handle the upcoming DST change. (I'll update this post with links to the columns when they're published.) Oddly, as I was writing this week's installment, I found myself wondering how Notes and Domino will manage the DST transition; today I saw Ed's post on the topic. Apparently no matter whose messaging system you use, it's still a messy process. Of course, Exchange 2007 doesn't have this problem; if you hurry maybe you can get your environment upgraded before the DST switchover :)

UPDATE: here's part 1 of the series.

So I was trying to figure out how to exempt a particular IP address from connection filtering on an Exchange Edge Transport server. I needed to do this to keep Edge from deciding that the internal relay server was generating spam. It's going to be injecting spam (for some tests I'm doing), but I didn't want the sender reputation agent to decide that the server was a spammer itself.

My first thought was to add the server's IP to the IP accept list. That wouldn't work, though, because mail coming from IPs that appear on the accept list is tagged with an SCL of -1, indicating that no further filtering is necessary. I could have turned off connection filtering altogether, but I didn't want to do that either. Finally I broke down and pinged a friend who works for Microsoft, and once he understood what I wanted to do he came up with the right answer: I needed to use the Set-TransportConfig cmdlet's -InternalSMTPServers parameter.

Once I knew that, I was able to find references to the cmdlet all over the place (including one at Bharat's blog from yesterday... I guess that's a good reason to be more diligent about my blog reading!) As much as I've worked with Exchange 2007 over the last year, I still have a lot to learn.

Devin asked me, and I realized that apart from TCP 5060 (for SIP) I didn't know. A little googling, however, produced this topic in the Exchange documentation. See table 1, which shows the remaining ports that you have to keep open to make UM work across a firewall.

On the heels of my EWS post the other day, a new post from Microsoft's Wes Haggard, this time explaining how to use EWS to find contacts.

This is a hassle; I got two separate notifications from fellow MVPs that my Barracuda box was blocking their inbound mail. When I checked the Barracuda logs, sure enough, it had rejected both messages; the reason listed was "Intent (xmlsoap.org)".

"Intent" is the status code the 'cuda uses to indicate that it blocked a message because it contains a spammish URL; it's essentially the equivalent of SURBL. I checked the two messages, and sure enough they contain a reference to xmlsoap: "http://schemas.xmlsoap.org/soap/envelope/". However, this reference comes from the original message in the thread, which was an HTML message! Apparently somewhere in the round-trip reply cycle, the HTML version was converted to plain text, which exposed the xmlsoap reference, which the Barracuda improperly blocked. Evidently spammers have sent HTML-formatted mail from Outlook before, so xmlsoap.org has ended up on the intent list. Thankfully the Barracuda interface has an easy-to-find "Exempt this URL" link, so I could clear the ban, but it's still not what I would've expected.

Excellent news: the 32-bit versions of the Exchange 2007 management tools are now available. This download includes the Exchange Management Console, the Exchange Management Shell, ExBPA, and the Exchange Troubleshooting Assistant.

Just to set the record straight: Entourage 2004 works fine with Exchange 2007 public folders.

If you've read the Exchange docs (or the Exchange team blog, or any of the zillions of places that reported this), you might be forgiven for being confused. The docs say that public folders are "de-emphasized", a fancy way of saying that Microsoft is hoping you'll start using SharePoint instead. The docs also say that OWA 2007 doesn't support browser-based access to public folders (a regression from Exchange 2003, and a mistake IMHO, but that's a discussion for another time).

The Exchange team posted a blog entry explaining the details of what they meant by "de-emphasized", but it doesn't mention Entourage. As Exchange 2007 draws more attention, I'm seeing more people asking questions about Entourage and Exchange 2007.

The answer comes in two parts:

  • Entourage uses WebDAV to access public folders (and mailboxes, for that matter) on an Exchange server. WebDAV is fully supported for public folder access in Exchange 2007. It works great; I use it daily with three different Exchange servers.
  • OWA 2003 includes its own code that uses WebDAV to access public folders. There is no equivalent code in OWA 2007, so it can't display public folder contents. If and when MS adds such code to OWA 2007, that will have no impact on Entourage because Entourage doesn't use OWA to render public folders, it uses WebDAV.

Hopefully this will help clear things up somewhat, but (as John Welch has repeatedly said) it would be great to see an official statement from MS on this.

Wow, Matt Stehle may have just become my favorite Microsoft employee. He's posted a long list of Exchange Web Services samples, some of which are very interesting (this is my current favorite since Entourage can't do it yet).

Back in September I wrote a pair of columns about how Exchange 2007 uses certificates. In them I pointed out the utility of having multiple subject alternative names, or subjectAltNames, in a single certificate; doing so allows you to have a single cert that works with autodiscover.yourdomain.com, mail.yourdomain.com, and the real underlying FQDN, all in one cert. Unfortunately, as far as I can tell no commercial CAs will actually issue such a certificate.

However, I got mail today from Andrew Codrington at Entrust. They've just introduced a new "unified communications certificate" as part of their partnership with Microsoft. The UC cert includes 10 subjectAltNames, with the option of adding 3 more for an additional $99. Good deal? Maybe; the 1-year cert price is a whopping $599. Still, that's certainly cheaper than buying 3 standard Entrust certs @ $159 each when you factor in the time and labor required to obtain and install them. More on this later...

For the last few weeks I've had an odd problem with mail sent from my Treo. The solution ended up being unexpected.

I carry a Treo 700w pretty much everywhere I go. It's connected via Exchange ActiveSync to my home Exchange server and via IMAP to my server at 3Sharp. Combined with Entourage (and Pocket Outlook's ability to accept a meeting invite on an IMAP account and put it in the main calendar) this gives me on-the-go access to pretty much everything I need. However, since December or so I haven't been able to send from my 3Sharp account to some recipients, or so I thought.

This morning I finally got irritated enough to figure out what the problem was. Turns out it was the GRYNX greylist tool Devin implemented back in November. For some reason, it had decided that mail coming from some IPs (including the entire Verizon Wireless network) should be greylisted if the message contained more than one recipient. I guess this was expected behavior, since that's what a greylisting tool does.

The oddest thing is that I'd get an NDR message on my Treo telling me that there was an invalid recipient and that the message had been filed in the Drafts folder. This was a result of Pocket Outlook attempting to be helpful, but its message didn't really tell me what I needed to know.

I verified that this was the problem by using telnet from my desktop to log in, issue AUTH LOGIN, and try to send a message with one recipient-- worked great. I then did the same thing with two recipients and boom! I got grey. The fix was trivial: I had to add my sender address to the greylist whitelist (huh? did I just say that?) and now mail is working properly.

I recently needed to move 3 OST files from one disk to another, and for the life of me I couldn't figure out how. A quick search netted this article, which explained it all: you have to disable cached Exchange mode and block offline use for the OST, then move it. Clear as mud.

Very cool news from Microsoft on Friday: they've released the production version of the Exchange Load Generator (LoadGen) tool, formerly codenamed "Swordfish". There are 32-bit and 64-bit versions available, both of which include documentation. LoadGen is a major change from the older LoadSim tool, in that it's tailored to better reflect actual performance of Exchange 2007 + Outlook 2003/2007. Kudos to Jeff Mealiffe and his team at Microsoft for this release (and thanks to Jessie Zhu, who helped me figure out how to effectively use it!) Look for more on LoadGen in this week's Exchange UPDATE newsletter.

MVP Jeff Centimano asked a good question on a private mailing list about why he couldn't get his 32-bit test server to fetch automatic anti-spam updates from Microsoft Update. Answer: that functionality is purposefully disabled in the 32-bit builds, since they're not supported for production use. Scott Schnoll has a great blog post that describes the other differences between 32- and 64-bit Exchange 2007 (plus the differences between Standard and Enterprise).

Bill Gates' new job

Bill Gates has a new job. Dial 425 707 7500 to find out what it is.

Exchange 2007 RTMs 8 December

Just got a press release from MS' PR firm: Exchange 2007 releases to manufacturing tomorrow, 8 December. (So does Forefront Security for Exchange server, btw). Happy news! Congratulations to the team.

I still haven't had time to play with configuring Asterisk to work with Exchange UM, but luckily other folks have. Alan Dutton has just posted instructions on how to connect Asterisk to Exchange UM. The configuration looks fairly straightforward, by Asterisk standards anyway. I look forward to testing it; eventually I'll have to go back and update my old post on the topic. Well done, Alan.

Ryan pinged me because he was getting this error on a test Exchange 2007 VM today. I hadn't seen it before, but asking some smart friends quickly produced a reasonable answer: this is the message an Exchange edge or hub transport server produces when it's low on RAM or disk space. How low? You'll get this if you have less than 4GB free on the queue volume. That seems like a lot, but given how large disks on transport servers are likely to be, it's probably reasonable. Anyway, freeing up more space on the queue volume solved the problem, so I'm blogging it for the next person who runs into the same error.

Hate voice mail? Don't use it!

I missed this first time around, but thanks to the power of NewsGator I got a second chance. Ed takes a critical look at Gartner's new report about Exchange 2007. Ed said a couple of things that got me to thinking.

First up: Gartner said "We believe integrating voice mail with e-mail creates business efficiencies via common access and command services, and that it will become a cornerstone of the unified communication and collaboration movement." Ed said:

Maybe it's just me, but I don't get this. I hate voicemail, and the fact that e-mail and instant messaging have replaced it over the last few years has been a most welcome development. Why would I want anyone to do anything that encourages more of it?

Well, first off, if Gartner is praising something that you don't have, it's natural to downplay its utility. However, Microsoft is making a choice play here. If you want to use voicemail as a peer to IM and e-mail, you can. If you want to get e-mail on your phone, you can. If you want to save money by consolidating your voicemail infrastructure, you can. If, like Ed, you hate voicemail and want to avoid it, now you can deal with it without ever picking up a telephone; from your desktop client or Web browser, you can see who called you and listen to the messages when necessary. The point is that MS is making these things possible as a fully-supported part of the product, not a separate (and poorly integrated) add-in. (In the comments to Ed's original post, Henry Ferlauto offers some excellent reasons why unified messaging is cool, including unifying the inbox and providing CYA/evidence tracking.)

Second, Ed says:

It's interesting how many customers seem to be listening to Microsoft's pitch for Exchange 2007, with its emphasis on unified messaging, without accounting for this additional cost. Microsoft is smartly using the halo of the Exchange brand, but the reality is they are pitching a new product at a substantial cost as the main innovation of this supposed-upgrade.

But that's the beauty of Microsoft's approach! If you don't want or need voicemail capacity, you don't have to pay for it. If you don't want or need the other items in the enterprise CAL, don't buy them. If you only want hosted filtering, for example, just buy it from EHS and ignore the bundling option. Given that IBM has a large number of add-ons for mobility and wireless, IM integration, and other features that are included in Microsoft's core collaboration products, I would think Ed would welcome this pay-as-you-go approach.

Ed does have a legitimate point about Gartner's upgrade numbers. In my experience, most analyst firms, and even software vendors, routinely miss upgrade market share predictions. I suspect that Gartner is going to miss low, and that more than 40% of the Exchange installed base will be on 2007 in the three-year window they predict. We'll have to wait and see, though.

Basement UM setup, part 3

Not much activity on the UM front lately, as I've been moving into my new office in what used to be the attic. This is a huge upgrade, so I decided to upgrade my phone from my old AT&T deskset to a Mitel 5340. This required me to do several things.

First, I relocated the Mitel 3300 and Intel PIMG to my equipment rack on the other side of the basement. I ran a single silver-skin phone line to it for my work phone line (xxx-xxx-8308). I interconnected it with the house network and verified that I had connectivity to the upstairs office. The upstairs drop is actually plugged into one of the power-over-Ethernet (PoE) ports on the 3300cxi so the 5340 can get power.

Then I moved the 5340 upstairs; that was simple enough. It has a jack on the underside that acts as a passthrough, so the 5340's plugged into the wall, and my desk switch is plugged into the 5340. Unfortunately, the 5340 only passes 10Mbps out, at least according to my switch. No big loss for my environment.

Then the fun began. From the minute I plugged the 8308 line into one of the LS (loop-start) ports on the back of the 3300, I could place outgoing calls by lifting the handset and dialing 9. So far, so good. However, the phone display said "ANALOG", which wasn't really what I wanted. The label for that display comes from the trunk service assignment name, which you can change. There's a separate option in the class of service ("Display Dialed Digits During Outgoing Calls") that fixes that.

My basic setup is this: three handsets at extensions 5001, 5002, and 5003, plus two analog lines (xxx-xxx-8305 and xxx-xxx-8308). My desired end state is to have both analog lines ring all 3 handsets, e.g. just like a POTS phone would. That way I can answer either line from anywhere. So far, I've gotten 1 line to ring 1 handset, which is progress. Here's how:

  1. I created a circular hunt group, 5000, using day and night COS 1.
  2. I modified trunk service assignment for trunk 9 (the 8308 LS line) to have a non-dial-in answer point of 5000.
  3. On the multiline key set assignment page, I assigned handset 5001 button 2 to be label 8308, type key system, ring type ring, button DN 5308.

At that point, I had a new button on the handset labeled "8308". When I placed an incoming call from my cell phone to xxx-xxx-8308, my conventional wired phone would ring, but the deskset connected to the 3300 wouldn't. I then went back and modified the trunk service assignment answer point to be 5308, vice 5000. That did the trick.

I still have to hook up 8305, then verify that the hunt group sends 8308 to the other handsets. Once that's done, I'll be in pretty good shape, and it'll be time to configure the PIMG to start answering 8308.

(I'd like to say I figured this all out myself, but that would be a flat-out lie. Thanks to the friendly folks on the Mitel forum at tek-tips.com!)

What's "class of service"?

One acronym you'll see a lot in the UM world is "class of service", or CoS. A class of phone service is just a set of options-- think of it like a group policy object. The Mitel 3300 lets you define multiple CoS objects, then assign them in various combinations. For example, you can define a day CoS that has one set of behaviors, then a night CoS that acts completely differently (perhaps it turns off inbound ringing, or disallows all outbound non-emergency calls). You can define multiple CoS objects and assign them to different extensions, and there are different types of CoS for handsets, trunks, and other various types of objects.

What happens in Vegas stays in Vegas, except when I blog it!!

Right now, I'm in the main ballroom at the Mandalay Bay, waiting for David Lemson to start his Exchange session keynote.

8:09: Talk about each of the areas where we decided to put features into the release. 4 more sessions this afternoon covering mobility, admin, transport, and how to get started on deployment. Show of hands: who's installed a beta build of Exchange 2007? About 25% of the audience. Some of the things shown today aren't in the beta.

8:19: core focus in Exchange 2007 in 3 areas: built-in protection, anywhere access, operational efficiency. Familiar slide, as it's been the leadoff for most of the MS presentations since Jan 06. Comparisons between Exchange 2003 and Exchange 2007 in various areas (HA, etc). DAS instead of shared storage for clustering brings huge savings in many environments. Nice change: 14-day deleted item retention out of the box. Restore any database to any server via recovery storage group because all servers are in same admin group.

8:22: move-user-configurationOnly cmdlet: rehome a user's mailbox very rapidly. Nice feature; I didn't know about it. New best practice: do weekly full backups from the passive cluster node, coupled with CCR. No more daily backup requirement. "Big burrito": nifty chart: same hardware and user load. 0.6 IOPS Exchange 2003 4GB, 0.32 IOPS Exchange 2007 4 GB, 0.13 IOPS Exchange 2007 8 GB: 78% fewer IOPS/user. (Ed: this is pretty sweet! 4GB of RAM is much cheaper than disk spindles.)

8:28: new compliance approach: create managed folders, then users move mail they need to keep into managed folders. Delete everything else! (Ed: this puts the onus of figuring out what to keep on users-- many of whom will hate this.)

8:32: automatic Kerberos and TLS for all internal server-to-server mail, with automatic/opportunistic TLS (ed: finally!) "Domain Authenticated" e-mail uses mutual TLS, but no real details on how this works. Pre-licensing for RMS prefetches RMS use license on the hub transport server-- useful feature for travelers.

8:40: demo of Outlook safe sender aggregation.

8:45: slight error in Forefront slide: he says you can have 7 concurrent AV engines, but you can only run 5 at a time (out of the 9 available). Recovery PIN for mobile devices lets you unlock a mobile device by getting a recovery PIN from within OWA-- new post-TechEd feature. Exchange UM demo, which went better than any of mine ever did thanks to a better audio setup (and a better presenter :)) Screenshots of OWA, mobile device, and Outlook search: same search experience, driven by new, faster content indexer.

8:55: calendaring improvements, including the availability service. Eliminates calendar latency by allowing auto-tentative-acceptance of meetings. (Ed: this is one of my favorite features so I'm glad to see it getting some play!) Built-in resource booking. Scheduled OOF with rich text. Set OOF from a Windows Mobile device. Internal vs external OOF, with separate messages. "LinkAccess" provides admin-controlled access to UNC paths and SharePoint sites through OWA or from mobile device.

9:01: "open as web page" document transcoding: doc attachments converted on the fly to HTML (with pretty good fidelity). Better embedding of OWA in SharePoint. Now we're down to the feature grab bag: improved ExBPA,

Big finish: RTM in December. 80K mailboxes in production at MS, all inbound mail filtered by Exchange 2007. December or bust!

I was really excited to see a huge new set of guides for configuring various PBX systems to work with Exchange UM. However, once I started looking at the configuration notes, I found that they're still pretty basic (and in some cases empty). However, it's encouraging that Microsoft is planning to work with its partners to get better configuration guidance out there.

Sometimes you actually want one account to have access to all the mailboxes in a database, on the store, or in an organization. In Exchange 5.5, you could just use the service account; in Exchange 2000 and Exchange 2003, you have to resort to various kinds of tomfoolery. In Exchange 2003, the Domain Admins and Enterprise Admins security groups (and the built-in Administrator account) actually have an explicit deny ACE that prevents you from using these accounts to gain service access. What about Exchange 2007?

Basement UM setup, part 2


Today I powered up and configured the Intel/Eicon PIMG gateway, which links the Mitel 3300 ICP with Exchange 2007. However, this has exposed a major structural problem.

My current office is divided into two halves: in one half, I have a shelving unit that has the 3300, all of my servers, and some related stuff-n-junk (like a KVM switch, an old Dell keyboard, and an ancient 17" CRT). In the other half, I have my main network switch, my phone panel, and my work machines. Both sides are already networked together, but:

  • the 3300 can provide Power over Ethernet (PoE) to the Mitel phones, without which they won't work. (Mitel makes a desk sled that powers the phones but I don't have any of those).
  • I need to run two analog lines from the phone panel to the 3300, then back again; the ASU in the 3300 will let it answer the analog extensions and do call transfer, forwarding, etc. between the digital and analog lines-- very cool
  • I really need a phone on my desk
  • The 3300 is way noisier than any other piece of equipment in my office

Thus I get to choose between "lots of cables on the floor" or "unrelenting fan noise". Not a great choice. In a couple of weeks when my upstairs office is finished, the question will be moot, so for now I'm going to leave the 3300 where it is and run one long net cable to it so I can power a desk phone. Analog line integration will have to wait for now.


Yes, it’s that time of year again! Even though we haven’t even started the fall 2006 Exchange Connections show, I’m already looking for session proposals for the spring 2007 show (1-4 April in Orlando-- finally, a time that coincides with my kids' spring school break!).

Our goal is to have about 50% coverage of Exchange 2007, Office 2007, and SharePoint 2007 and about 50% on Exchange 2003, Office 2003, and related topics like Live Communications Server, deployment, and security. We're interested in sessions that cover all aspects of Microsoft's communications and collaboration stack: security, development, management, operations, migration, and integration.

If you're interested in speaking, please send me 3-5 short abstracts and a brief speaker bio. I need these by EOD Wednesday, November 1. (Thanks to Nino for correcting the date!)


Great post at the Exchange team blog covering how server and recipient filtering work in the new Exchange Management Console. Don't confuse this kind of filtering with recipient filtering in the anti-spam stack; same name but two entirely different things.

I'm a satisfied GoDaddy customer, but I'm a little unhappy with them at the moment. This morning, I tried to buy one of their 6-in-1 SSL certificates. Why? I wanted to be able to use one cert for autodiscover.robichaux.net and mail.robichaux.net. I figured the 6-in-1 would let me do so because the wording on the 6-in-1 order page says you can register up to six matching domains. I figured that they'd allow multiple subject alternative names, which is what I wanted. What they actually mean, though, is that you can register the same domain in up to six different TLDs... not quite the same thing. I really don't want to buy a wildcard cert; I think I'll probably just stick with the self-signed cert if I can't buy an inexpensive cert with multiple subject alternative names.

Comparing SharePoint versions


You may have been wondering how Microsoft's going to package (or, to verb a useful noun, SKU) SharePoint 2007. The official SharePoint team blog has the answer, sort of. The article links to a nifty spreadsheet that covers the primary differences between SharePoint 2003, SharePoint Server 2007, and the various SKUs of SharePoint 2007. Worth reading if you follow SharePoint as a collaboration technology.

Billion-dollar Zimbra?


Over at his InfoWorld blog, Dave Rosenberg makes an awfully interesting assertion: Zimbra's well on the way to becoming a billion-dollar business. However, he uses some way faulty math to get there: he takes at face value Zimbra's claim of 4 million paid mailboxes, then multiplies it by the $25/mailbox MSRP to get an annualized revenue of $100 million. From there, hey, it's only an order of magnitude to get to $1 billion, right?

During Exchange setup, one of the questions you have to answer is whether there are any pre-Outlook 2007 clients in your environment. (I wrote briefly about this before in the context of Office Communicator.) However, do you know what happens when you click "yes" or "no"?

If you click "yes", the setup program will create a public folder database, in which you'll find the familiar Schedule+ Free/Busy and Offline Address Book folders. This shouldn't be a surprise; Outlook 2003 and earlier versions require these folders, so you'd expect Exchange to create them. If you click "no", the public folder database isn't created, so pre-Outlook 2007 versions can't get free/busy data or download the OAB. However, what I didn't know until today is that the Exchange store will also block MAPI connections from older versions of Outlook when you say "no". Why? Because if those clients did connect, they'd have a terrible experience, with no free/busy or OAB support. To reduce the support hassle for themselves and Exchange 2007 admins, MS decided just to block the connection. To fix this, just add a public folder store to your server and voila! you're golden.

Basement UM setup, part 1


I've been busy with a raft of other projects, but yesterday I finally unboxed the Mitel 3300 and the Intel/Eicon/Dialogic gateway and stacked them on my equipment rack. (Disclosure: it's not a rack, it's a shelving unit. Deal with it.)

The 3300 CXI that I have includes a ton of options and optional hardware. I don't know enough about Mitel's product line to distinguish between what's in this box versus what you typically get when you buy one. However, this unit includes the PRI module that you need to talk to the PIMG, and it includes an Analog Support Unit (ASU) for connecting to analog phone lines. It also includes the software entitlements for embedded voice mail, wake-up calls, and a bunch of other nifty features that a) I don't know how to use and b) probably won't be writing about.

I've already done one Exchange 2007 UM deployment for a customer who wanted it set up in their lab. However, now I'm branching out and deploying it again... at my house.

Mitel was kind enough to loan me a 3300 ICP to use as the centerpiece of my system, along with a couple of IP phones (including the verrry cool Navigator). Along with that, I have an Intel PIMG gateway, my trusty Exchange 2007 server, and a large stack of notes and screenshots on how to get everything working together.

Over the next few weeks, I'll be setting everything up and documenting the experience, both here and in a forthcoming e-book on setting up Exchange 2007 UM and Live Communications Server 2005 with Mitel hardware. Stay tuned for more details! (One valuable tidbit: the status lights on the 3300 are supposed to be red during normal operation-- a bit of a change from what we usually expect in hardware!)

Wow, I'm not sure how I missed this (but it did end up in my "to blog" folder, so that's something!) The team at Microsoft that covers Notes application coexistence and migration has a really cool example of how Notes can work with Microsoft applications: you can get and show presence information from Communicator within Notes applications! How cool is that?

Forefront and scan engines


The Forefront Security family of products supports using more than one scanning engine at a time. This is a big advantage, since it adds a significant degree of protection against new threats. This support is coordinated through the Forefront Security Engine Manager, which provides administrators with tools for monitoring the status of installed engines, controlling which engines run, and adjusting the actions Forefront takes when an engine needs to be updated or fails during operation.

Forefront can make use of up to five engines at a time. Perhaps coincidentally, the standard edition of Forefront includes five engines:

  • The Microsoft antimalware engine, based on technology Microsoft acquired when it purchased GeCAD in 2004
  • The Computer Associates (CA) Vet and InoculateIT engines
  • The Norman Data Defense engine
  • The Sophos Virus Detection engine

If you buy the Exchange Enterprise Client Access License (CAL), you also get to use four additional engines included only with the Enterprise CAL: AhnLabs, Authentium’s Command Antivirus engine, Kaspersky Labs’s engine, and VirusBuster AntiVirus. During installation, Forefront randomly chooses a set of four engines; administrators can use the suggested combination or pick a different set.


In a future post, I'll have a lot more to say about which engine combinations make the most sense for different uses.

If you've used Office Communicator, you may have noticed that it doesn't allow clickable hyperlinks. This is a reasonable decision by MS made to limit the spread of malware that uses IM as a transport, but it's still a pain in the butt for many environments, including us. Doug has the solution: a simple registry change will restore links to full click-a-bility.

Ed Brill, c'mon down


Dear Ed,

I've been fortunate to be one of the conference chairs for Exchange Connections for a couple of years now. This year's show will be especially good for several reasons:

  • Lots of Exchange 2007 content: some from Microsoft, some from industry experts like Pierre Bijaoui, Kevin Laahs, Devin Ganger, and Jim McBee
  • It's co-located with Windows Connections and a host of other DevConnections offerings (including conferences on ASP.NET and mobile devices, two popular topics in the MS world)
  • It's in Vegas. Duh.

As a regular reader of (and commenter on) your blog, I know that you're well-acquainted with Microsoft's marketing and positioning for Exchange. However (and forgive me for saying so) I think you and your readers might benefit if you understood the technology behind Exchange a little better. Heaven knows I see people posting howlers at your site occasionally. Thus this invitation: come join us in Vegas!

Your travel schedule says you're going to be in Alberta. HP and US both have direct flights YEG-LAS for around $200. As conference chair, I'll comp your registration, and you can wander around and talk to people-- attendees and speakers alike-- to get their unvarnished feedback on the good and the bad about Microsoft's 2007 product lineup. It's the same reason MS always sends people to Lotusphere and IBM sends people to TechEd, only with a very different audience and vibe.

Just drop me some e-mail and I'll get your registration processed. Heck, I'll even buy you dinner.

Exchange 2007 MCITP exams


It looks like there will be 3 separate Microsoft Certified Professional (MCP) exams for Exchange 2007; MS is revamping their exams as part of the move from the MCSE to the new Microsoft Certified IT Professional (MCITP) certification. However, they don't seem to have released any more details on the exams, which is a little disappointing given how close we are to the product's launch. Hopefully they'll publish the exam syllabus fairly soon so we can all start studying :)

Command-line message tracking


In my experience, Exchange's message tracking functionality is pretty darn useful. I don't use it often, but when I do, it's a great timesaver. However, the existing Exchange 2003 GUI is a little clunky; sometimes it would be nice to be able to quickly get the status of a message directly from the command line.

IBM Lotus launches Domino team blog

Nice to see IBM getting with the program; they've just relaunched the Domino team blog. I hope it focuses on substantive technical information (like the Microsoft Exchange team blog) instead of marketing argumentation; we have enough of that already.


Getting mailbox sizes via script


Back in May, an attendee at one of my webcasts asked if I could point her to a script for querying mailbox sizes on a set of Exchange servers. I flagged her message to remind me to answer it and (drum roll) am just now getting to that folder of flagged items.

So, the answer is: you can start with this script from Michael B. Smith; it will give you the mailbox size information without touching the last login date on the mailbox. It doesn't constrain output to a range of dates, but that should be a fairly simple addition.

I'm a big fan of Microsoft's "IT Showcase" series, which highlights how Microsoft uses its own technologies (aka "eats its own dog food", or just "dogfoods") to solve business problems. I didn't know they'd expanded the showcase to include podcasts, though. This episode covers some of the key points of Microsoft's spam, virus, and e-mail security infrastructure. Pretty interesting stuff, including a discussion of how they're using Exchange 2007's Edge Transport role as their primary perimeter system.

Free Exchange 2007 training


Microsoft's Walter Stiers posted this on his blog last week, and I'm just now getting around to it. The bottom line: you can get some Microsoft-led online Exchange 2007 training for free by hitting the Exchange learning portal. This is a great deal for IT folks and a good move for MS-- it's often difficult to get training into a budget this late in the year.

As a follow-up to last week's post on public folders and SharePoint, Liam Cleary has a pretty good walkthrough that covers the process of setting up SharePoint document libraries and records archives so that they can directly accept items mailed to them. I haven't had a chance to play with this yet, but it's an important part of Microsoft's arguments around migrating to SharePoint from Exchange public folders, so it's definitely on my radar.

Oh, bother.

I got a testy e-mail from Shane Keats of McAfee asking us to remove SiteAdvisor from the study, based on his claim that SiteAdvisor isn't an anti-phishing toolbar. I wrote a detailed response, in private e-mail, and was prepared to leave it at that.

However, Mr. Keats cried "foul" to InfoWorld and on the IE blog, saying that including SiteAdvisor is "silly and wrong. We don't claim, anywhere, to offer phishing protection. In fact, we're pretty explicit that we don't."

I'll admit to sometimes being silly, and I've certainly been wrong before, but I think in this case it's fair to include SiteAdvisor. Here's why:

  • The SiteAdvisor.com home page contains this text: “McAfee SiteAdvisor also complements and enhances your existing security software by detecting threats which traditional security products often miss, including spyware attacks, online scams, and sites that spam you”. I think a reasonable person would likely interpret the reference to “online scams” as including phish.
  • Question 2 of the SiteAdvisor FAQ page says “SiteAdvisor is a consumer software company dedicated to protecting Internet users from all kinds of Web-based security threats and annoyances including spyware, adware, unwanted software, spam, phishing, pop-ups, online fraud, and identity theft.” This definitely seems to represent SiteAdvisor as an anti-phishing tool.
  • Mr. Keats included a partial quote from this support article: "SiteAdvisor's software does not currently provide automated or real-time phishing detection". However, the full text of this article explicitly says that user reports of phish sites are reported by SiteAdvisor. In our report, we didn’t distinguish between tools that use automated reporting and those, like SiteAdvisor, that can incorporate user-generated reports.
  • On August 3rd, I spoke via phone with both Craig Kenwec of McAfee and Scott Van Sickle of Global Fluency, a PR agency that handles client-security PR for McAfee. Both of them told me that SiteAdvisor incorporates anti-phishing functionality.


Microsoft pointed to our study from the IE blog, where there are already several comments, including this one from "Sheep and Duck":

3Sharp was founded in 2002 by three friends: Paul Robichaux, Peter Kelly, and John Peltonen, all experts in their respective fields. Their goal was to establish a company that could demonstrate the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies. By working closely with Microsoft's Information Worker Group, 3Sharp has always been able to stay on the cutting-edge of the Office System technologies.

http://www.3sharp.com/about_us.htm

Somehow I don't trust this "study".

To which I say:

Sheep and Duck, I understand why you're skeptical. No matter who commissioned the study, *someone* would distrust the results on that basis alone. However, I think if you read the report, you'll see that we have been transparent about our test methods and the data we used for the test. If you read the report and still have questions, feel free to contact me via e-mail (paulr@3sharp.com) or my blog (www.robichaux.net/blog) and I'll do my best to address them.

The report even says that the actual scores of which product blocked or warned on which URLs are available from us on request. It's hard to be much more transparent than that!

The folks over at mozilla links also asked a good question that I should have addressed in the FAQ: because some of the URLs came from a feed generated by opt-in Hotmail users, does IE have an unfair advantage? The answer is "no", because the feed we used wasn't incorporated in the data feeds that Microsoft uses for the Phishing Filter.


When we started working on "Gone Phishing", I anticipated that I'd get some questions, so I've been keeping a running list of things that I expect to be FAQs.

Q: What's unique about your study?
A: As far as we know, no one's done a public study that directly compares multiple products against a meaningful number of URLs. Most of the evaluations that have been put out there are anecdotal and only used a few URLs.


Q: What did you test?
A: We took 8 anti-phishing products (including the Netcraft toolbar, IE 7's Phishing Filter, Google's Safe Browsing for Firefox, Netscape 8.1, GeoTrust TrustWatch, McAfee SiteAdvisor, the eBay toolbar, and EarthLink's ScamBlocker) and ran two sets of tests: one to determine how good each technology was at catching known phish, and one to see how many mistakes each made on known-good URLs.

Q: Who won?
A: IE 7 came out best overall, with a score of 172 of a possible 200. Netcraft was a very close second, scoring 168/200. For the rest of the scoring, see the report.

Q: Microsoft commissioned the study. Isn't it biased?
A: No. 3Sharp, not Microsoft, designed the methodology, picked the URLs, and ran the tests. The report includes a complete discussion of how we did this, and even lists of the URLs we tested. We believe our methodology is sound and we're being 100% transparent about how we got the results we did so that others can duplicate the results if they like.

Q: How'd you decide who won?
A: We calculated a composite accuracy score for each technology. This score combined the product's performance at blocking or warning phish with its accuracy in not blocking or warning on legitimate URLs. Each technology earned points for correct blocks/warns and lost points for bogus blocks/warns. (See p10 of the report for the full scoring formula). A product that blocked all 100 phish and none of the 500 good URLs would score a perfect 200; a product that didn't block anything (e.g. IE 6, Safari, Firefox 1.5, Opera, etc.) would score 0.


Q: 200? I thought there were only 100 phish.
A: We used 100 live phish and 500 known good URLs for the test. However, our scoring formula counts 2 points for a block and 1 point for a warning-- so if product X blocked all 100 phish, it would score 200.

Q: Why'd you decide that a block should score twice as much as a warn?
A: Users have increasingly become conditioned to ignoring security warnings. In our view, stopping someone from going to a potentially dangerous site is better than suggesting that they not do it.

Q: What URLs did you use?
A: We gathered 100 phish for the tests; we did this by using several data feeds, scanning them using regular expressions, and then manually culling out the real phish. We tested each phish by hand to make sure that it was still live before running our tests, then we manually tested each phish in each technology and scored the results. Each phish was tested within 48 hours of its arrival to make sure it was fresh (or is that "phresh"?) See appendices A and B of the report for a complete list. For the known-good URLs, we took a set of 500 randomly selected URLs from our data feeds, then manually checked them to make sure they weren't 404.

Q: Why didn't you test <my favorite product>?
A: We had to take a snapshot of available products at a point in time. We couldn't test all of the products, and we couldn't go back and re-do the tests every time one of the technologies got updated. For example, EarthLink released an update to ScamBlocker during our test period, Mozilla released Firefox 2.0 (which includes anti-phishing features) recently, and Microsoft has updated IE 7 twice since the tests. Because phish have such a short lifetime, we couldn't go back and re-run the tests.


Over on Ed's blog, he's been talking about how the battle between IBM Lotus and Microsoft isn't about e-mail. In the comments, I pointed out that both sides want the battle to be about their broader platform... but many customers still think it's about messaging and calendaring, and they see the debate in those terms. That may be because they're more familiar with messaging and calendaring tools, or it may be because (despite protestations to the contrary) many Notes shops aren't using all the collaboration functionality that they paid for (and have to manage).

UM trial kit: $1000


Want to try Exchange 2007 Unified Messaging? Microsoft is working with a set of select partners to sell a "trial kit" with the hardware you'll need. Rather, they're selling some of the hardware you'll need: an AudioCodes gateway that will link up to 4 analog phone lines with your Exchange UM server via Voice-over-IP. That gives you Outlook Voice Access, play-on-phone, and the Exchange automated attendant. You also get two hours of phone support, which you'll probably need to set up the gateway.

Message tracking is an immensely useful Exchange feature that makes it simple to see each place where an inbound or outbound message was touched by an Exchange component. Mark Arnold had a good post back in August about some nifty message tracking tricks you can do with the set-transportServer task, but he left out the most important one (IMHO): how do you turn on subject-line tracking?

I meant to blog this a few weeks ago, but I forgot. Thankfully, Outlook 2007's To-Do Bar helped remind me, as I'd flagged it for followup. One of the most common questions I see from people who have just installed Exchange 2007 for the first time involves the hub transport role's behavior when receiving Internet e-mail. Wonder why it's rejecting your messages? Wonder no more; Bharat has a good explanation.

A good question over on the Exchange 2007 TechNet forums: where is the Exchange 2007 version of loadsim? The answer is simple: you can't have it yet :) There is a new Exchange 2007 version of loadsim, codenamed "Swordfish". The comments here say that Swordfish will ship about the same time as Exchange 2007. However, you're not out of luck in the meantime.

Joel Oleson has an interesting post on the differences between Exchange public folders and email-enabled lists in WSS v3/MOSS. He was kind enough to point to my column discussing migration tools, too. I pointed out Joel's post for a simple reason.

3CX releases free Windows IP-PBX


Now here's something I'm looking forward to playing with: a Windows-based IP PBX! 3CX offers two versions: the free version and an enterprise version. It looks like the primary differences between the versions are that the enterprise edition has product support and will have Exchange integration, although they don't specify how it will integrate with Exchange. I've got a query in to the PR folks who sent me the release, and I'll post the answer I get.

Exchange UM event ID 1082

When your Exchange unified messaging server logs event ID 1082, what do you do?

The first step in answering this question is understanding what event ID 1082 means. The error message itself is pretty clear: "No Hub Transport server available to process header file C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\voicemail\70683b04-5e47-4d24-a143-1cf331a4f121.txt.". If you look in the referenced directory, you'll probably find a bunch of pairs of files, with each pair consisting of a .wav file that contains the actual voicemail plus a .txt file that contains routing information.
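To see how large that backlog is, the following added example (not part of the original post) counts the .wav/.txt pairs in the voicemail directory, lists unpaired files, and reports the age of the oldest one. The function name Get-UMVoicemailBacklog is hypothetical, and the script only reads file names and timestamps; it does not parse the header files.

```powershell
# Added example (not from the original post). Get-UMVoicemailBacklog is a
# hypothetical helper name. The default path is the directory quoted in the
# event 1082 text above; pass -Path if Exchange is installed elsewhere.
function Get-UMVoicemailBacklog {
    param(
        [string]$Path = 'C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\voicemail'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Voicemail directory not found: $Path"
    }

    # Only the two file types the post describes: audio (.wav) and routing header (.txt).
    $files = @(Get-ChildItem -LiteralPath $Path | Where-Object {
        -not $_.PSIsContainer -and ('.wav', '.txt' -contains $_.Extension)
    })

    # Files that belong to one voicemail share a base name.
    $complete = 0
    $orphans  = @()
    foreach ($group in @($files | Group-Object -Property BaseName)) {
        $extensions = @($group.Group | ForEach-Object { $_.Extension })
        if (($extensions -contains '.wav') -and ($extensions -contains '.txt')) {
            $complete++
        } else {
            # An unpaired .wav or .txt is worth a closer look.
            $orphans += @($group.Group | ForEach-Object { $_.Name })
        }
    }

    # The oldest waiting file gives a rough idea of how long messages have been queued.
    $oldest = $files | Sort-Object -Property LastWriteTime | Select-Object -First 1
    $oldestName = $null
    $oldestAgeHours = $null
    if ($oldest) {
        $oldestName = $oldest.Name
        $oldestAgeHours = [math]::Round(((Get-Date) - $oldest.LastWriteTime).TotalHours, 1)
    }

    New-Object PSObject -Property @{
        Path           = $Path
        CompletePairs  = $complete
        OrphanedFiles  = $orphans
        OldestFile     = $oldestName
        OldestAgeHours = $oldestAgeHours
    }
}

# Run on the UM server and show the summary.
Get-UMVoicemailBacklog | Format-List
```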

I've seen several queries in various fora about using Entourage with Exchange 2007. I've been using it for a while and have had absolutely no problems. There are a couple of issues to be aware of, though.

New release of OABINTEG


My main man Dave Goldman just released a new version of his extremely useful oabinteg tool. Oabinteg is very useful for identifying problems with the offline address book generation process; I used it (along with some helpful suggestions from Dave) to pinpoint a problem with OABs with Exchange 2007 against an Office 2003 client running on Vista RC1. Most admins find that OAB generation just ticks along in the background, never calling attention to itself; however, it never hurts to run oabinteg to see what's happening under the covers.

Last fall, I had a lot of fun writing a "top 10" list of availability principles and tips for Exchange. Part of the fun was that I got to work with fellow Exchange MVPs Ben Winzenz and Chris Scharff, along with some other cool folks at MessageOne. The list came out as a nifty little pocket guide, printed on heavy glossy paper with a slick cover. MessageOne was giving them out at various trade shows. Turns out that now Windows IT Pro is making the guide available too as a download (registration is required.) You might also find some of these other whitepapers interesting, too.

I thought I'd blogged about this before, but apparently not. I've gotten a few questions at roadshow events about how the Exchange Unified Messaging server role scales. Now, it's not entirely fair to ask scalability questions about products that are still in beta because the answers are almost guaranteed to change (and hopefully for the better). However, in discussions with Microsoft's Michael Khalili, I understand that the current guideline is that a single server should be able to handle 80-100 concurrent calls (the direction doesn't matter, whether inbound or outbound). If you co-locate the UM role on another server, you may be able to handle fewer calls, but as with so many other scalability questions, the ultimate answer is "it depends".

Observationally, I've been able to easily handle 4-5 concurrent UM calls on a 32-bit VM running as a UM / mailbox / CAS / hub transport server. I'm sure once Microsoft IT rolls out Exchange UM across the company they'll be publishing one of their nifty "IT Showcase" white papers that describes in detail what their architecture looks like.

Update: forgot to mention Michael Wilson's excellent post on the number of users you can put onto a UM server.

Two years ago, I wrote a Troubleshooter Q&A about turning on read receipts in OWA. I just noticed the reader comments, which aren't very nice; they complain that I didn't actually include a description of how to do it for Outlook. (In fairness, if you search for "Outlook force read receipt" my article comes up near the top.)

So, the answer: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Preferences\ReadReceipt, a REG_DWORD, controls this. Set it to "1" and Outlook will request a read receipt for every outbound message. Problem solved!

I was working on a project that involved a unified messaging server, and I wanted to find out which users had been enabled for unified messaging. I thought this would require me to use the get-user cmdlet and search for a particular attribute, but it turns out to be easier than that. All I needed was get-UMmailbox. Unfortunately, it doesn't work as documented-- I was expecting get-UMMailbox to give me a list of only those mailboxes that were enabled. However, I only wanted the enabled ones, so a quick get-ummailbox | where {$_.UMenabled -eq $true} promptly gave me what I wanted:

Um-Enabled

Ryan IM'd me to ask where the Exchange SMTP pickup directory went in Exchange 2007. Good question; it did indeed move, as part of the overall move away from the IIS core services that Exchange 2000 and Exchange 2003 used. The Exchange 2007 pickup directory defaults to c:\program files\microsoft\exchange server\transportRoles\pickup. (Note the space in "Exchange Server" and the lack of one in "transportRoles"). Drop your message in there and away you go. You can also use the Set-TransportServer cmdlet to set some pickup-related parameters, including where the directory is and what size messages it can accept.

Per-server IMF gateway settings


Did you know that you can get the Exchange Intelligent Message Filter (IMF) to use per-server gateway thresholds? If not, don't feel bad; lots of other admins don't know that either. Evan Dodds blogged this in September 2004; he recently mentioned that he wasn't aware of any other place that this setting was documented, so I decided to give it a freshness bump because there are still lots of people who apparently don't know about it.

I was surprised to see a letter to the editor in this month's Windows IT Pro complaining about the magazine's lack of Notes and Domino coverage. The writer is right; I don't think I've ever seen an article about Notes or Domino in the magazine, and I've been reading it since it launched 10 years ago (and writing for it nearly that long!) (And occasionally, when I mention Domino or Workplace, everyone complains...)

Via Jack Dausman, news that IBM's released the first public draft of their redbook on migrating from Exchange 2003 to Domino. It probably deserves a book review, but I don't know if I'll have time to get to it for a while yet.

Nathan Breskin-Auer has a great summary of the "light" version of Outlook Web Access 2007 at the Exchange team blog. I'm disappointed that there isn't a Tasks module in OWA light, since I use both tasks and Macintoshes heavily.

I'm also disappointed that Microsoft isn't going to certify OWA Premium for use with Firefox. This may seem odd, given that I'm not a huge Firefox fan. I understand that it's a resource issue; the OWA team chose to spend their efforts on adding features instead of adding support for a browser that is lightly used (if at all) within their target customer base. However, not shipping Firefox support is bad for three reasons:

  • It belies the power of OWA's AJAX implementation, which would work well with any modern AJAX-capable browser.
  • Microsoft's competitors (including Domino Web Access, Zimbra, and Scalix) support Firefox.
  • The education / university market has lots of Firefox adoption, and it's also a market that Microsoft's trying to crack.

Maybe for SP1? Of course, the program team's answer is likely to remain the same: "when we see customer demand". Fair enough.

Setting up for Direct Push


Reader mail from Mike in Canada:


I’ve read your articles for years and they’ve always provided me with invaluable timely information. I have a quick question about the “Messaging and Security Feature Pack for Windows Mobile 5”. This seems to be a hard feature pack to find good information about. Microsoft doesn’t seem to have a download for it so I assume it must come with a Windows Mobile 5 Device that has a version after 148xx.2.x.x. My organization is about to get the latest Motorola Q’s from Bell Mobility in Canada. Apparently the Q’s that Bell have support the messaging and security feature pack for Windows Mobile 5 but I don’t really have any good information on it. This article is supposed to step me through the process of getting Windows Mobile devices working with Exchange SP2. Step 7 in this article tells me to install the Exchange ActiveSync Mobile Administration Web tool but I’ve never seen that tool (I’m guessing it comes with the feature pack).

I have an ISA 2004 server and I already have active sync working for older Windows Mobile devices but I’m very interested in the new live sync “direct push” technology so I’m trying to get as educated as I can before my new devices arrive from my provider. I don’t even know if the new “direct push” requires me to change my publishing policy in ISA Server as I can’t find information on that topic either (I used the wizard in ISA server to publish Exchange active sync over SSL for my older devices). Can you direct me to some more information and let me know if the feature pack is downloadable?

As part of my grand unified communications adventure (more on which later), I needed to get reverse number lookup (RNL) working with LCS. RNL is a simple concept: when you get a phone call from extension 1001, you want your computer to identify the caller as John Smith, not as '1001'.

Communicator looks up numbers using one of two sources:

  • the address book produced by the Address Book Service on the LCS server; this is generated daily from whatever you've got in Active Directory.
  • contacts in the user's local Outlook address book (or Windows address book)

When you place a call to a Communicator user, the PBX sends a CSTA message that includes a device identifier, like this:

<deviceIdentifier>tel:1001; phonecontext=pbx.litware.com</deviceIdentifier>


(or maybe <deviceIdentifier> tel:+16175552702;ext=52702</deviceIdentifier>)

Communicator will try to match the device identifier against one of the numbers it can see in the address book or the Outlook contact. If it matches, it displays the caller info; if not, you just get the number. You can add this information manually, but the preferred way to do this is to put the callers' numbers into a multivalued attribute called proxyAddresses. However, we were in somewhat of a hurry. The simplest solution for us was to add the "TEL" URI of the associated extension into the "home" phone number field of each user object. This would more sensibly be done by a script, but for our lab environment, which only has a handful of extensions, it was a quick solution.
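The matching step described above, as an added Python example that is not from the original post and is not Communicator's actual algorithm. It is a simplified model: the directory contents, the function names, and the rule that a local extension only matches within the same phone context are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed directory: display name -> tel URI stored in the user's phone field.
DIRECTORY = {
    "John Smith": "tel:1001;phonecontext=pbx.litware.com",
    "Jane Doe": "tel:+1 (617) 555-2702;ext=52702",
}


def parse_tel(uri):
    """Split a tel: URI into (digits, params), dropping visual separators."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        raise ValueError("not a tel URI: %r" % uri)
    number, *raw_params = uri[4:].split(";")
    number = re.sub(r"[\s().\-]", "", number)
    if not re.fullmatch(r"\+?[0-9]+", number):
        raise ValueError("unexpected characters in number: %r" % uri)
    params = {}
    for item in raw_params:
        key, _, value = item.strip().partition("=")
        # The post's sample spells the parameter "phonecontext"; RFC 3966
        # spells it "phone-context". Accept both by dropping the hyphen.
        params[key.lower().replace("-", "")] = value.strip().lower()
    return number, params


def match_key(uri):
    """Global (+...) numbers match on digits alone; local ones need the same context."""
    number, params = parse_tel(uri)
    if number.startswith("+"):
        return ("global", number)
    return ("local", number, params.get("phonecontext", ""))


def build_index(directory):
    """Map each stored number's match key to the display name that owns it."""
    index = {}
    for name, stored in directory.items():
        index.setdefault(match_key(stored), name)
    return index


def identify_caller(fragment, index):
    """Return the display name for a <deviceIdentifier> fragment, else the bare number."""
    uri = ET.fromstring(fragment).text or ""
    try:
        key = match_key(uri)
    except ValueError:
        return uri.strip()
    return index.get(key, key[1])


if __name__ == "__main__":
    idx = build_index(DIRECTORY)
    for frag in (
        "<deviceIdentifier>tel:1001; phonecontext=pbx.litware.com</deviceIdentifier>",
        "<deviceIdentifier> tel:+16175552702;ext=52702</deviceIdentifier>",
        "<deviceIdentifier>tel:1001;phonecontext=other.example.com</deviceIdentifier>",
    ):
        print(identify_caller(frag, idx))
```

The third sample shows why the phone context is part of the key: extension 1001 arriving from a different PBX context is shown as a bare number rather than being labelled as John Smith.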

I'm a huge fan of the Exchange team's blog because it includes a wealth of technical information that you can't find anywhere else. They don't waste a lot of time with marketing fluff, and the folks who post there run the gamut from product support to developers to product managers. The Unified Communications Group at MS recently launched their own blog, which I hope will live up to the same standard.

Since I'm used to seeing my byline in print magazines, I don't usually get too excited about it. However, I was surprised (and pleased!) to see that the Solution Accelerator for Exchange Consolidation and Migration won an Honorable Mention in Windows IT Pro's Readers' Choice awards. This is especially cool because it was a write-in nomination! Missy Koslosky, Devin Ganger, and I worked really, really hard on this guide, and it's great to see that it's been useful to people.

Argh. This bit me, even though I knew better. I set up a managed custom folder, created a folder policy for it, and waited patiently for the folder to appear in a user mailbox. It didn't. Why? Because I hadn't set a schedule for the managed folder assistant, that's why. Fortunately, a quick run of start-ManagedFolderAssistant solved the problem.

Cool! EMC (perhaps you've heard of them?) is launching an expanded service offering to help their customers migrate applications and data from Lotus' collaboration platform to Microsoft's stack. If I get time, I'll watch their webcast and see what's what.

Jason Mayans, one of the Exchange 2007 team's product managers, has a new blog in which he discusses (among other things) how the new calendaring and scheduling features in Exchange 2007 came to be. It makes for interesting reading.

As Ed pointed out, Jack Dausman has a couple of articles about Exchange storage, and I finally have cycles to respond.

First, I find it a little sad that there's so much effort being expended to help Chris Bordeleau tune his Domino server in the absence of any real data. Where are Domino's performance monitoring and load testing tools? Are there no equivalents to jetstress and loadsim? Surely if Chris could post some actual performance data values the folks at Ed's place would be able to help him out more directly.

Now, on to Jack's postings. The Storage Magazine article he cites is, sad to say, old news to experienced Exchange administrators: using an archiving tool against Exchange won't shrink the database unless you compact it. There are relatively few reasons why you'd actually do a compaction in practice, though:

  • you move a lot of mailboxes from one database to another, thus reducing the amount of data needed for the source database
  • you do a first run of an archiving / vaulting tool that removes a significant amount of message data
  • you're running so low on disk space that you need to reclaim white space, even though you know the store will grow again.

You certainly don't need to run a tool like GOexchange regularly, as I've said before. Most sites don't ever need to run it at all; after all, there are very few companies where the amount of stored e-mail is shrinking (don't I wish!)

As to a couple of Jack's other points:

  • He says that Domino supports larger mail files than other systems. I think we're having a semantic disconnect here: Exchange supports very, very large mailbox databases, but it's uncommon to see individual mailboxes much larger than 6 GB or so. That's not because of any hard-coded limit; it's mostly because of poor client performance with older versions of Outlook. The big killer here is actually the number of items, not the mailbox size.
  • He mentions turning off transactional logging to increase performance on Domino servers. Exchange doesn't let you turn off transaction logging for the simple reason that it's a key DR capability. I'm not sure under what circumstances it would make sense to trade off a small speed boost for degrading your DR capability.

Jack and Charles Robinson represent (IMHO) the best of the Domino community: they deal in technical discussions, not infantile bashing, and they understand their chosen products well enough to have intelligent discussions about them.

Ridiculous Sametime limitation


At first I thought this was a joke, but apparently not: Sametime doesn't support LDAP paging, so in very large Active Directory environments IBM tells you to increase the result page size on your servers. Haven't they ever heard of LDAP paging?

LCS 2005 courseware online


I had this flagged for blogging, and now that I'm back from vacation, I'm finally getting around to clearing out some of my queue! Anyway, Neil pointed out that Microsoft has released the Microsoft Official Curriculum (MOC) courseware for their LCS 2005 course, 7034A: Implementing Microsoft Office Live Communications Server 2005 SP1. If you're interested in learning more about LCS, this is a good no-cost way to get an in-depth look at how it works and how to set up and manage it.

InfoWorld just posted a fairly comprehensive review of Exchange 2007 beta 2, and they liked what they saw.

Monad RC0 vs PowerShell RC1


Exchange 2007 requires the RC0 build of Monad. The currently available build of PowerShell (née Monad) is RC1. Although the Exchange 2007 release notes tell you to install the latest build of PowerShell, they don't really mean it; beta 2 requires RC0. Nothing more, nothing less. You can get the RC0 build of Monad using the link on the Exchange 2007 setup splash page (which I couldn't use because my VMs don't have Internet access), or here, and install it. Don't forget that the extension for scripts changes: it's .msh in RC0 and .ps1 in RC1 and later.

Another error from the Exchange 2007 beta setup parade: after you remove a server, when you reinstall, you may get an error that says that "Default VoiceMessageOriginator contact already exists". The trick to fix this is to launch ADU&C, turn on advanced mode, and open the Microsoft Exchange System Objects container. In that container, you'll see an object called Exchange UM<GUID>. This object is used to represent the system as the sender of UM messages. You'll need to remove it. (Microsoft is planning to change the way the sender object is created in future builds, so this is a beta-2-only bug.)

Exchange 2007's setup program includes the ability to reinstall the Exchange binaries on a failed server. I had to use this today to replace a server VM that was mangled by a problem with our SAN controller; through no fault of anyone except a certain large SAN company, the VM was corrupt and couldn't be restored. I rebuilt the base OS image, gave it the same machine name, and fired up setup /m:recoverserver. That seemed to work OK, reinstalling the hub transport and mailbox roles. Then I got an unexpected error:

Client Access Role ......................... FAILED
The AD Object for virtual directory 'IIS://EXCHANGE/W3SVC/1/ROOT/Microsoft-Server-ActiveSync' on 'EXCHANGE' could not be created. This may be happening because it already exists in Active Directory. Remove the object from Active Directory, then re-create it.

I couldn't find any documentation on how to fix this. That's an awfully generic error message. However, I eventually found the suspect object living in the configuration NC of my AD: cn=services, cn=Microsoft Exchange, cn=orgName, cn=Administrative Groups, cn=Servers, cn=serverName, cn=Protocols, cn=HTTP. So, I removed it. All done? Not quite.

See, once you run with /m:recoverserver, the setup code writes a flag in each role (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0\roleName) that says "I'm in disaster recovery mode". As long as that flag is present, you can't install or remove server roles, so I couldn't just run exsetup /m:install /r:clientaccess like you'd think. First, I removed the Action value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0\ClientAccessRole. Next, I uninstalled the CAS role (which wasn't really there anyway!), then I re-installed the CAS role. However, Exchange setup still thought the CAS role was installed, so it wouldn't install it. I tried adjusting MSExchCurrentServerRoles for the server object, but I don't think Exchange likes a value of "0". Subsequent reinstalls complained that the Exchange Servers USG was missing. Rather than continue to tinker, I ended up removing the AD org object and reinstalling from scratch. I think the original virtual directory error is a bug, and I'm going to report it as such.

Update: this is now logged as bug 176356.

Exchange 2007 setup asks you whether you have any client computers running Outlook 2003 or earlier. It does this so it can determine whether you'll need the legacy Schedule+ Free/Busy and offline address book folders-- but that got me to wondering: what about Office Communicator? Does it count as a pre-Outlook 2007 client? After all, Communicator uses MAPI to connect to the Exchange server and get free/busy data for your mailbox and the mailboxes of those on your contact list. I'm trying to find the answer and will update this post once I do.

(Interesting side note: Communicator will use an open MAPI session if one already exists; if not it will create its own.)

Update: turns out, the answer is "no, it's not a legacy client". Communicator makes MAPI requests to get your free/busy data, which it then publishes to LCS. The free/busy data you see for other contacts in your contact list comes from the LCS server, not your local copy of Communicator's interrogation of their mailboxes. So, this should work fine... but I'm still going to test it!

The hits just keep coming! Microsoft yesterday announced the release of the first version of the Exchange Troubleshooting Assistant (ExTA), an automated tool that analyzes several different kinds of log files and tracing data to help you pinpoint problems. This is a great idea, and next time I face a misbehaving server I'll give it a try (not that I'm in a hurry, mind you!)

Ed Brill is making hay with Microsoft's system recommendations for Exchange 2007 beta 2. (Don't miss the comments, especially the ones pointing out that IBM doesn't even publish per-user resource guidelines for their own products-- good thing, because if they did Workplace wouldn't look too spiffy!)

Anyway, Ed's article misses the point: the recommendations are for servers with "many users with large, frequently used mailboxes". If you don't have many users, or they don't have very large (>1GB) mailboxes, or the mailboxes aren't frequently accessed, you can get by with much less RAM.

Remember, the point of adding RAM is to reduce the number of I/O operations per second (IOPS) that you need to handle a given user load. Large mailboxes and frequent accesses mean more IOPS. More IOPS means more disk spindles, which means lots more money. Gigabytes of RAM are cheap compared to SAN disks; right now, Exchange 2003 servers scale out by adding more spindles to get more IOPS. With Exchange 2007, you have a choice: add IOPS by adding disks or reduce the number of required IOPS for the same user load by adding RAM for caching. You get to choose according to your needs-- part of Microsoft's promise to provide more administrator choice and control in Exchange 2007. (Take a look at this post for more detail on disk I/O tradeoffs in Exchange 2007.)

Ed's pricing example is a little disingenuous too, because he doesn't specify how many Notes users his hypothetical 6200-user Dell configuration could host, and he ignores storage costs altogether. I'll be happy to put together a reasonable configuration for N Exchange users and cost it out if you'll do the same for Domino. (I've made this offer before, and Ed's ignored it-- wonder why?)

Microsoft has taken a step that I've long hoped for: they've renamed the former "Exchange Ranger" program to better reflect its serious nature, and they've opened it to people outside the company (as long as they're associated with MS gold-certified partners). The entrance prerequisites are very stiff, there's a $25,000 tuition charge, and the training is extremely demanding: six days a week for five weeks, with extensive hands-on and lab-based testing each week. The curriculum looks really tantalizing. However, I don't think I'd like being away from my family for that length of time-- a six-week immersion is a bit much.

Interestingly, as far as I can tell none of Microsoft's competitors have such a highly structured or rigorous program for their messaging architects. The closest equivalent I can think of is Cisco's series of programs, and even then they don't take six weeks.

Scalix announced yesterday that they're going to provide open source licenses for major components of their product. This aligns them nicely with Zimbra, which has already done the same thing. Zimbra has a better web interface (IMHO) than Scalix does, and better admin tools to boot; however, Scalix has a mature and proven back-end system. If they really wanted to give IBM and Microsoft headaches, the two of them should team up somehow and combine forces. I can't take credit for the idea; fellow MVP William Lefkovics suggested it to me a few months ago.

From Ed's blog, news that IBM is moving toward a slightly different licensing strategy for its products.

Why does IBM even use per-processor licensing? Customers hate it. Microsoft has been making hay in the database world by showing the license cost differential between SQL Server 2005 and DB2 on equivalent hardware-- it can be up to an order of magnitude difference! That gets CxOs' attention PDQ.

Doesn't it make more sense to price software according to the number of actual clients or users and not the capacity of the machine? As I understand it, if I buy a 2-CPU dual-core Opteron server, I have to buy 4 Domino CPU licenses (or the equivalent number of "processor value units"), no matter how many actual users connect to the box or what else it's used for. Compare this with the pricing model for Exchange, GroupWise, or even OCS: you pay for the number of users you're supporting, not for what your hardware is potentially capable of.

"Processor value units" seem like an IBM attempt to extract money that they wouldn't otherwise be entitled to from customers who are moving to multi-core CPUs. When Ed asks:

...what would you like to see happen as far as sub-capacity or multi-core licensing and pricing for Domino? ... If the answer is "we just want to pay less for Domino", that dog doesn't really hunt -- unless you have an idea how that translates into IBM growing and maintaining the Domino business.

one translation of the question might be "customers, we know you think our license model doesn't reflect reality, but we don't care if you want to pay less." The right thing to do for growing the business is to adopt the MS model for virtualization licensing: license per active instance and virtual CPU, not for physical instances of anything.

(and before the flames start: yes, I know MS has per-CPU licenses for some products, like SQL Server. However, AFAIK they don't do per-CPU licenses for their messaging and collab products; I don't know offhand if they're doing per-CPU or CAL for Office SharePoint Server or not.)

Update: yep, customers hate IBM's licensing model, all right.

Devin has a good summary of some of the things you should expect (or may not expect!) in Exchange 2007 beta 2.

The Exchange 2007 preview center has a new white paper on Exchange 2007's unified messaging (UM) implementation. If you're interested in how UM works, check it out.

CA buys XOsoft


Wow! Not sure how I missed this bombshell: CA bought XOsoft. I hope CA has the good sense to leave the XOsoft folks in place and let them do what they do best.

Great news! Exchange 2007 beta 2 is being launched today. The press release is here. You can download it or order it on DVD; the download isn't active yet (I expect it any minute, but Microsoft.com is so huge there's often a gap between press release postings and live bits).

In very closely related news, the Exchange 2007-compatible version of Microsoft Forefront (née Antigen) will be available today too.

Microsoft's been making a big deal out of the Messaging and Security Feature Pack, which adds some nifty device and security management features to Windows Mobile 5.0 devices. However, there's a problem with MSFP policies on the device side; ironically, it only shows up on devices of security-conscious users.

Let's say that you set a device timeout on your WM5.0 device of 5 minutes. You then create an MSFP policy that sets the device lock policy time to 15 minutes. When the policy is applied to the device, your 5-minute timeout is overridden with the 15-minute timeout, making the device somewhat less secure.

What can you do about it? Nothing at the moment. The Windows Mobile team is well aware of the issue, and I'm sure they're busy thinking about how they can best fix the problem.

Compliance and encryption


It sometimes happens that I get the same (or similar) question from several people within a short time frame. That's usually a good indicator that the answer would make a good blog entry! Today's installment in this long-running series is simple: how do journaling systems and encrypted mail go together?

When you use S/MIME, the message is encrypted when the client submits it to the store. Exchange only gets the encrypted version. That means that when it’s journaled, it’s encrypted. It stays encrypted until the recipient opens it. The journaling system can copy the message, and it will have access to the envelope information (like who sent the message, who it’s addressed to, and the subject). However, for encrypted messages, the message payload is encrypted, so it won’t be readable by the archiving administrator.

When you use Windows Rights Management Services, the situation is much the same: the message is protected before it leaves the client. However, RMS supports the concept of a group of “super users” who can recover content no matter who created it. That means that super users can recover protected content from the archive, which is exactly what most companies want to do.

How do you get RMS-like behavior from S/MIME? Simple (well, conceptually simple, anyway). All you need to do is CC or BCC the archiving administrator on every message sent. That will cause the message to be encrypted with their cert as a recipient, preserving their ability to read the messages. Implementing this is left as an exercise for the reader (and it’s not really trivial, which is why DoD and other TLAs have their own custom solutions known as security guards (try this one for an example)). One way to start is by using a custom Outlook form that includes the BCC recipients. In fact, you could easily build an Exchange 2007 transport rule that would NDR any encrypted message that was not BCC'd to the security guard. Maybe I'll try that next week...

Unified messaging and PINs


Exchange's Unified Messaging server role controls access to the Outlook Voice Access interface in several ways. Today I want to talk about PIN authentication and how it works.

Every UM-enabled user will have an associated PIN. The PIN is stored as an encrypted string as an attribute of the user account object in Active Directory; the PIN is encrypted along with a salt, so it can't easily be reversed. (Despite this protection it's still a bad idea to choose your ATM PIN or AD password as a UM PIN, but of course you know better).

Administrators can set PIN policies that control the permissible length of the PINs and how long they remain valid. Users can reset their PINs at any time using OWA 2007 or Outlook 2007; when the PIN is reset, the user gets an e-mail containing the new PIN. This helps protect against denial-of-service attacks where user A logs in to user B's voice mailbox and changes the PIN on the phone keypad. These policies are actually part of the UM mailbox policy objects, which you can use to specify some other settings as well; look for more details in a future post.

The UM role performs its own auditing of failed authentication attempts. When you call in to Outlook Voice Access, you get 3 tries to enter the PIN; if you fail, OVA hangs up and logs event ID 1013 to indicate the logon failure. If the failed authentication attempts continue, you'll see event ID 1012, indicating that the user's OVA access is locked. There's also a perfmon counter that you can watch to see the number of failed logon attempts, but I'm in an airport and away from my UM server so I can't post its exact name right now.
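One way to triage the two events described above, as an added Python example that is not from the original post or from Exchange itself. The CSV export layout, the mailbox names, the 10-minute window and the burst threshold are assumptions; only the meaning of event IDs 1013 and 1012 and the three tries per call come from the post.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (time, event ID, affected mailbox). The column
# layout is an assumption; the post does not show the event's fields.
SAMPLE_EXPORT = """\
time,event_id,mailbox
2006-07-10T02:14:05,1013,alice
2006-07-10T02:15:40,1013,alice
2006-07-10T02:17:02,1013,alice
2006-07-10T02:17:03,1012,alice
2006-07-10T09:30:11,1013,bob
2006-07-11T16:45:00,1013,bob
2006-07-10T02:20:00,1013,carol
2006-07-10T02:21:30,1013,carol
"""

LOGON_FAILED = 1013   # caller used up the PIN tries and OVA hung up
ACCESS_LOCKED = 1012  # failures continued and OVA access was locked
TRIES_PER_CALL = 3    # PIN entries allowed before event 1013 is logged


def parse_export(text):
    """Return (datetime, event_id, mailbox) tuples for the two UM events, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        event_id = int(row["event_id"])
        if event_id in (LOGON_FAILED, ACCESS_LOCKED):
            when = datetime.fromisoformat(row["time"])
            rows.append((when, event_id, row["mailbox"].lower()))
    return sorted(rows)


def max_burst(times, window):
    """Largest number of (sorted) timestamps that fit inside one sliding window."""
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(events, window=timedelta(minutes=10), burst_threshold=2):
    """Summarize each mailbox and rate it 'locked', 'burst' or 'isolated'."""
    failures = defaultdict(list)
    locked = set()
    for when, event_id, mailbox in events:
        if event_id == LOGON_FAILED:
            failures[mailbox].append(when)
        else:
            locked.add(mailbox)
    report = {}
    for mailbox in sorted(set(failures) | locked):
        times = failures.get(mailbox, [])
        burst = max_burst(times, window)
        if mailbox in locked:
            severity = "locked"      # event 1012 seen: lockout reached
        elif burst >= burst_threshold:
            severity = "burst"       # repeated failed calls close together
        else:
            severity = "isolated"    # scattered failures, likely a forgotten PIN
        report[mailbox] = {
            "failed_calls": len(times),
            "bad_pin_entries": len(times) * TRIES_PER_CALL,
            "max_burst": burst,
            "severity": severity,
        }
    return report


if __name__ == "__main__":
    for mailbox, row in triage(parse_export(SAMPLE_EXPORT)).items():
        print(mailbox, row)
```

A mailbox rated "burst" has not been locked yet, which makes it the case worth looking at before the lockout event appears.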

Very cool: Amazon just put up an item on my home page to tell me that there's a new book on Live Communications Server 2005: Professional Live Communications Server. I don't know if it's any good or not, but I've ordered it and will report back what I find out.

Update: I got the book and have read the first three or four chapters. So far, it's pretty good, though it's light on some key details (e.g. which SRV records do you have to manually add to let auto-configuration work?)

Update: here's my review.

Michael B. Smith posted a cool script on his blog today: it finds all the EDB and STM files on Exchange servers in your organization, then tells you how much disk space they actually take up. If you've ever wondered how much disk space your Exchange data is consuming, now you can find out.

Outbound SMTP filtering


My ISP apparently just turned on outbound SMTP filtering. For a work project, I've been gathering phish so we can run them through various filters. However, since last night, phish that I've attempted to redirect (as attachments, mind you, not redirected messages) are bouncing with a "550 This message contains malware" message. That's a good thing because it will help stop the spread of malware from systems on Buckeye's network, though it's a mite inconvenient for me.

More broadly, this points out something that other larger ISPs, like Comcast and Verizon, could productively institute, and it's worth looking into for most companies as well. It only takes one compromised machine to send out enough spam or malware to get your entire network blacklisted, and blacklists tend to be rather more persistent than most people realize.

Very cool! Microsoft has posted the entire online help system for Exchange 2007. This is a great way to learn about how Exchange really works, right from the source. If you're planning on experimenting with beta 2, this is a good way to get a head start on understanding some of the changes that are coming our way.

Lots of people have asked me whether they can use Exchange 2007 Unified Messaging with Asterisk, the popular open-source PBX. The answer is "not really", because Exchange (and Live Communications Server) use SIP over TCP, and Asterisk uses SIP over UDP. (Supposedly this was being fixed, but it looks like the work never got finished). However, a clever fellow has written instructions on how to use the SIP Express Router (SER) package to link LCS 2005 and Asterisk-- I bet this would also work with Exchange 2007, and I plan to find out in the next couple of weeks.

Jeff Raikes started off the presentation with a short "People-Ready" video and a discussion of some broad communications and collaboration challenges. There was a short man-on-the-street video interview montage, which wasn't funny, followed by a demo of the new RoundTable conferencing camera featuring a meeting to discuss where a team should eat lunch. Realistic? No, but mildly amusing, and it showed off RoundTable well.

RoundTable (available "about a year from now") is a hardware device: it's a 360° camera that works with Live Meeting to give you panoramic video and automatic speaker detection: you see the face of whoever's talking at the moment. If it's well-executed, this could be very valuable for distributed teams.

Next, Raikes talked about SIP and how it's the core protocol for Microsoft's communications system. Office is positioned as a platform delivering services in key areas, including presence and mobility enablement. The new product announcements, all due in Q2 CY 2007:

  • Office Communications Server 2007, which unifies SIP-based IM and self-hosted conferencing. This is a terrific answer to critics who have complained that Live Meeting is only available as a service. Lots of customers want hosted conferencing servers, but not everyone does.
  • Office Communicator 2007, which now includes a SIP softphone so you can use the VoIP features of Communications Server and Communicator without any hardware.
  • Office Live Meeting adds the capability to use both PSTN and IP audio, plus WMV and Flash embedding (the demo featured a Live Meeting session in which a video was played back-- a nice, and useful, feature). Live Meeting includes presence status indicators, and it provides "talking head" video of the presenter.

Raikes was joined on-stage by Anoop Gupta of Microsoft's unified communications group for a demo of the new suite of projects featuring a future clone of Raikes-- this was a clever idea, and the "clone" actor pulled it off nicely. The demo showcased the high degree of integration between Communicator, Communications Server, and 2007 Office System applications. For example, when you start an IM session from within Outlook, the IM window reflects the subject of the e-mail message. The point behind this demo was to show how easy it is to move seamlessly between audio, text, and video conferencing (and application sharing) without switching applications or work contexts. There's a small inset window for video conversations that shows what you look like, which is also useful. The 2007 products support multi-party, multi-point audio and video, something missing from the 2005 versions.

One part of the demo showed a voice-driven session with the Microsoft helpdesk, conducted through Communicator 2007: a manager called in and automatically provisioned a new user. The point of this demo is that Microsoft's positioning of their communications product as a platform unlocks a wide range of potential business applications. SharePoint already puts a heavy emphasis on self-service provisioning, one of its most popular features; it's good to see this possibility expanded to other areas.

There were a few surprises; for example, Live Meeting will integrate with the Exchange Hosted Services Archiving component to provide long-term archiving for meeting data. This is a very smart move, because compliance is one of the key drivers that make people want self-hosted conferencing services.

Other nifty things they showed: Exchange 2007 Outlook Voice Access; getting an Exchange 2007 unified messaging voice mail on a Windows Mobile device and playing it back; SOTI PocketController for controlling a mobile device from the Windows desktop; Communicator Mobile running on the Motorola Q.

Microsoft also made partnering announcements with Hewlett Packard, Motorola, and Siemens. HP is committing to providing Communications Server services and installations, and Siemens is building solutions to help people move from their conventional PBX solutions to IP-based systems featuring Microsoft's solutions. Motorola's announcement involves roaming between cellular and VoIP calls, but it's not clear to me what impact this has on actual users and administrators. With the very successful launch of the Q, Motorola clearly wants to be a player in the mobile computing/mobile LOB area.

LG-Nortel, Polycom, and Thomson all committed to building hardware SIP phones that include the new "Communicator phone experience". This is an awkward term for something very cool: you see a user interface on your desktop phone that looks, and acts, like the desktop, mobile, and browser-based Communicator interfaces. For example, your phone can show your Communications Server contact list (including your MSN, Yahoo, and AIM contacts if you're using PIC). Gupta and Raikes showed one such device, along with a Tatung cordless USB SIP phone. (I definitely want one of these!)

Raikes closed with a two-fold call to action: deploy Active Directory, because it's the unified directory foundation for all of Microsoft's communications services; and evaluate Exchange Server 2007 when beta 2 ships in July.

In light of IBM's announcement, who wins the day? Based solely on announced ship dates, IBM will be to market first. However, Microsoft announced a much broader portfolio of technologies (not to mention the Exchange 2007 Unified Messaging feature set), and the Microsoft solutions can easily be deployed anywhere there's Active Directory. Given how fast Microsoft has been taking real-time communications market share from IBM, I think I know which way I'd bet.

Updated: edited to fix a couple of typos and add a link to this post on using Exchange UM and LCS 2005 with Asterisk.

Nifty trick courtesy of Microsoft's Andy Ruff: you can mount an Exchange 2000/2003/2007 public folder on your Mac OS X desktop and use it just like any other folder. How? It's easy:

  1. In Finder, do Command-K (Go:Connect to Server)
  2. Enter the URL of the public folder, including http:// (e.g. http://mail.example.com/public/test%20folder/)
  3. Drag and drop files to and from the folder, or open and save items into the folders from your favorite applications.

This is good news; Microsoft released a new version of their Windows Mobile emulator that correctly emulates the Messaging and Security Feature Pack. I demoed the MSFP on the emulator at the "Get Ready" event in Oslo, but all I could show was the policy application process. That works no matter what kind of connection you have (e.g. it worked OK when what I had was plain TCP/IP from the emulator to the Exchange server virtual machine). However, the push e-mail feature only works over cellular/GPRS networks, which the emulator didn't emulate. Now it does, so I should be able to do a much richer demo in Johannesburg.

I've had a fun afternoon playing around with Cloudmark Server Edition, an Exchange plugin that uses Cloudmark's collaborative filtering network to block spam. It has an excellent reputation for effectiveness, but so far I can't get past the unfortunate fact that it requires a service account that has permissions on all mailboxes that it's supposed to protect. This account must be a member of the Domain Admins and Enterprise Admins groups, and it must have Exchange Administrator rights on the entire Exchange organization. This represents a serious potential security exposure, because if that account is compromised it's game over.

Oh yes they will

John Fontana wrote a detailed (as always) piece on Exchange 2007 after attending TechEd. He does a fair job of pointing out the changes that Exchange 2007 brings, including tying the Exchange routing architecture to Active Directory and the addition of new server roles that give you more flexibility in deployment. Some folks reported Fontana's story as a net negative towards Exchange, but they left out some of the money quotes, including:
"But Wenzel says the need for unified messaging, a major new feature of Exchange 2007, is driving his upgrade plan along with improvements in Outlook Web Access and search."
In that same vein, Fontana's story quotes Peter Pawlak of Directions on Microsoft as saying that "It is not trivial connecting a PBX to Exchange, and people will not [change] out their PBX for this product." I can't speak for "people", but I know that many of the customers I've spoken to about Exchange UM are ready to do exactly that because they see the cost savings of eliminating legacy voice mail systems as well worth the one-time cost to upgrade to VoIP-capable PBXes-- something that many customers are considering anyway.

This past week, Microsoft shipped the release version of the Application Transporter 2006 for Lotus Domino. (nb. I didn't see any comments about this on Ed's blog; guess his mind is elsewhere.) Anyway, this toolset, based on the excellent Proposion codebase, looks like a pretty useful addition to MS' suite of migration tools. As a bonus, they updated the Application Analyzer to address the legitimate complaint that it was incorrectly reading the last-used date on Domino-based applications and thus producing incorrect results.

Very cool! Microsoft has released a fully supported version of the Exchange quota message service, which allows Exchange administrators to customize the messages users get when they exceed their mailbox quotas. This is great news, and it demonstrates Microsoft's ongoing investment in their products-- their web release tools keep getting better and better.

Going to Portugal

I'm heading to Portugal for the first "Get Ready" event (link here; hope you fala português). I've never been there before, so it should be an interesting trip. My outbound is TOL-CVG-CDG-LIS on Delta, then for the return I'm going LIS-AMS on TAP Portugal (another first), then AMS-ATL-TOL on DL again.

The event itself is a one-day roadshow highlighting the forthcoming releases of Office 2007, Exchange Server 2007, and Windows Vista. There are upcoming events in Oslo, Munich, and Johannesburg; I'll be at the Oslo and Johannesburg events; Jim McBee will be in Munich and Johannesburg, and Devin Ganger will be joining me in Lisbon and Oslo. (Oh, let's not forget my old pal Glenn Fincher, who will be delivering the Office 2007 sessions in Oslo, Munich, and Johannesburg).

Exchange 2007 UM sizing

Had an interesting exchange with Microsoft's Michael Khalili in which I finally learned how many angels can dance on the head of a pin. No, actually, I learned what Microsoft's recommendations are for Exchange 2007 UM server sizing. Michael's guidance is that a single dedicated UM server can handle up to about 100 concurrent telephone calls (the number obviously varies according to your hardware configuration and which gateway you're using). If you have fewer calls arriving concurrently than that, you can happily colocate the UM role with other server roles.

Note that this has nothing to do with the number of users, mailboxes, or PBXs-- it's just a guideline for the number of ringing phones you have to support at once.

My friend (and fellow Exchange MVP) David Sengupta just wrote a white paper summarizing the best practices for electronic document discovery for Exchange administrators. If you run an Exchange server, it's worth reading (and I'm not just saying that because I wrote the foreword).

Oracle's patch woes continue

Geez, can Oracle's security team do anything right? Word today is that Oracle's April security patches-- which were supposed to be out 1 May-- may be delayed until 15 May, or even later. Favorite quote: an analyst from Cybertrust says that Oracle "could be just slow and lazy".

Now this isn't very nice: GLEG (whoever they are) sell an LDAP stress test/verification tool called ProtoVer. On the ProtoVer page, they have a Flash movie that appears to show a Domino 7.0 server failing after the tool is run against it. Since they announced the vuln on Full-Disclosure, I haven't seen any more discussion, nor have I seen any evidence that IBM are aware of the bug.

My email exchange with Ed

So, Ed made our email exchange front-page news by posting summaries, but not the actual messages, from the thread of email we exchanged after my March 15 column, "Tooling Up for Exchange Migration", went out. I think the summaries miss some important details, so I'm going to post the full messages in the next day or two; it's a hassle to turn them into readable HTML, and I'm busy with several things that have to be done before I head out for Exchange Connections in Nice, so I don't have time to do it right now. For now, suffice it to say that it's interesting to see the comments from the Notes faithful complaining about IBM's branding for WCS, Workplace, WebSphere, and Notes.

Oh, heck, why not. Here's Ed's first message:

Paul --

I'm disappointed that you continue to push this falsehood about the Lotus product line:

"IBM is pushing Notes, and its successor, Workplace Collaboration Services, as a future-proof way to protect existing investments".

Could you please provide documentation to evidence where IBM has indicated that Workplace Collaboration Services is the successor to Lotus Notes. When you determine that none exists, I ask that you please discontinue such references, which you also made in comments on your own weblog and others.

I'll also question your assertion "although Exchange clearly offers a better messaging and calendaring system than Notes (particularly when you include the desktop client in the comparison)," but I guess you're entitled to your opinion -- clear or not.

Also, will you be covering the deficiencies in the Application Analyzer 2006 for Lotus Notes in a future newsletter, now that you've promoted its use in this week's?

Thanks --Ed

And my reply (I've converted footnotes into links for readability and changed the formatting a bit):

Ed--

It’s clear that we disagree on a few things, and it’s ironic given that the intent of the sentence you complain about was to say that IBM is strongly pushing the notion that Notes/Domino/Workplace offers better investment protection than does Microsoft’s platform.

IBM has introduced WCS to offer “converging and complementary functionality”. Arthur Fontaine says that “Workplace Managed Client is an enhancement, not a replacement.” This sounds like the introduction of a completely separate product that provides a parallel path to Notes/Domino. On the other hand, you said: “When that happens, whether it's Notes 7.5 or 8.x, the Notes client and the Workplace client become the same thing,” Brill said.

If they’re the same thing, that certainly gives the impression that the two are converging. That’s the whole idea of a one-lane road, isn’t it? In my experience, that means that only one will remain. Very, very few technology companies are willing to maintain two separate but parallel product tracks given the degree of investment that doing so requires. Erica Rugulies of Forrester gets the point when she questions whether IBM’s going to maintain two sets of collaboration tools.

David Via of Ferris said something analogous, quoted in an article with your own byline:
"It is now very clear that Notes technology (and most importantly millions of applications) will live on, effectively embedded in the new Workplace Client."

So, Notes applications will be embedded in the Workplace managed client, at which point they’ll be what? Notes applications not running in the Notes client? Notes applications that won’t necessarily be hosted on a Domino server? Sounds like a replacement to me. In fact, using language like “sets the stage for extensions to applications”[6] is very reminiscent of what Gary Devendorf keeps talking about, although in the opposite direction.

So, to answer your request [ed: for a correction]: no. I think there’s ample evidence to support the claim that Workplace will be the eventual successor to Notes, although you’re welcome to try to convince me that the quotes I cite mean something different.

Now, on to what “clearly” means in “clearly offers a better messaging and calendaring system”. From my perspective as a messaging administrator, and as a consultant who deals every day with a wide range of customer messaging environments, I think it’s fair to say that the current version of Exchange offers a number of desirable messaging features that Notes and Domino do not. These features include an integrated anti-spam filter and integrated wireless access for a wide range of devices, to say nothing of Exchange’s higher scalability on identical hardware. There are lots of little things, too: Exchange offers a much broader range of performance parameters you can monitor; the scripting environment for performing admin tasks is much richer,

On the client side, you and I both know that the Notes client has been lambasted over the years for its user interface. You can argue over whether that’s just a matter of it being unfamiliar to Outlook users; I think the bigger point is that the Notes interface diverges significantly from other Windows productivity applications (including not only Microsoft Office but Lotus’ own SmartSuite products); this divergence confuses users and makes them think that the Notes client is hard to use— because for them, it is. To its credit, the Notes team has worked hard to make the client UI more consistent; however, the very strength of interest in DAMO should indicate something about user preferences in the broader market.

As for writing about the app analyzer in more detail: I may or may not, depending on the amount of reader feedback I get. With Exchange 12 around the corner, most of my reader mail recently has been asking questions about some of the new features (notably unified messaging and compliance) that Microsoft hasn’t been discussing in detail.

Cheers,

-Paul


I'll post more later, but now I really do need to get some real work done.

From the "own goal" department: Oracle found a vuln affecting multiple versions of their database, so they promptly posted a description and a description of the exploit on their Metalink web site. Oooops. Good thing they have a security czar to make sure this kind of stuff doesn't happen.

Migration bounty update

An update on yesterday's migration bounty story: IBM's press release clarifies some details: the bounty is $20/seat, with a max of $20K. It applies only to customers who move to Domino hosted on Linux, Domino Web Access on Linux desktops, or the Notes plugin for the Workplace Managed Client. Like I said yesterday, that's a tough sell, especially when you consider the management environment of Linux desktops vs Windows desktops.

IBM offers migration bounty

This is a hoot: after complaining bitterly that Microsoft was offering bounties to business partners to encourage them to get customers moved from Notes/Domino to the MS collaboration stack, IBM is now doing the same thing. This Washington Post article quotes Peter O'Kelly at length, pointing out that it's unusual for IBM to offer a bounty like this. I don't want to say or imply that it's a desperation move by IBM, but it's certainly unexpected, and it seems to be funded (at least in part) by IBM's Linux division. Selling Notes on Linux is harder than selling it on Windows, since partners will have to convince non-Linux shops to make the leap to an unfamiliar OS and to throw away much of their investment in Windows infrastructure-- an irony, given IBM's claim that Notes/Domino provides better investment protection than does MS' stack.

A modest proposal: in six months, both IBM and MS should publicly tell the world how much bounty money they've paid out. That's a good way to gauge the effectiveness of their respective programs.

Amusing post from Roberto Boccadoro in which he attempts to explain IBM's Workplace branding. He dismisses the existence of multiple products with the same name ("Does this create confusion? I do not think so") and heaps fun on Microsoft for the explosion of products that live under the Office brand.

Why is this amusing? Because customers don't understand what the difference is between Workplace-the-product and Workplace-the-brand. I see this time and again when I speak with people. Just as it was a bad idea for Microsoft to have two different products both named SharePoint, IBM's differentiation between Workplace and its subordinate products isn't, well, working. And don't get me started on the many subordinate products-- when you install Workplace Collaboration Services (hmm, they didn't steal that name from Oracle, did they?) you also get WebSphere and a passel of other, un-Workplace-branded products. By contrast, Notes/Sametime has a much more consistent branding message... at least, it did until it got hoovered up into Workplace.

Exchange 2003 SP2 and MSFP

So, I wrote an article about Exchange 2003 SP2's new mobility features. Unfortunately, there's a minor editing error: the article says you need Windows Mobile 5.0 or the MSFP to take advantage of the new features. If only that were true! You actually have to have both WM5.0 and the MSFP to get the tasty new feature goodness. Sorry to my readers for the mixup.

OCS user administration

I wish I had more time to write more, but I don't. A few brief notes: user admin is still kind of a mishmash, because you have to create directory users and provision them through one tool, then manage their rights in each application through that application. If a component isn't installed or running, you can't provision it. For example, if you don't start the mail service, when you create a user account, it won't have any email attributes. (It's simple to go back to oiddas and add that capability, but it stinks that you have to.)

Second, your first move ought to be to grant the orcladmin user email admin rights, then create a domain. This isn't well described in Oracle's documentation-- the steps required to complete these tasks are, but not the fact that you have to do them in the first place. If you don't do this, you'll have all kinds of hassles.

My copy of the Burleson and Garmany book got here today, but I've been too busy to read any of it yet. Perhaps tonight.

Oh, and when you create a new user, don't put in a FQDN for the email address. If you do, you'll end up in a catch-22: you can't create an email domain for the RHS of the address, but you can't remove the existing email address (or log on to the OCS mail page) because... wait for it... the domain doesn't exist.

Starting OCS

Domino and Exchange are easy to start. Workplace is moderately easy (or, at least, the start procedure is well documented). None of these things are true of Oracle Collaboration Suite (OCS).

There are actually three separate OCS tiers: the database itself, the infrastructure tier, and the midtier, which is actually where most of the OCS functionality is implemented. The problem is that you have to already be an Oracle DBA to know which services to start in what order. The documentation describes the process in general terms, but Oracle was kind enough to provide sample scripts to do the job for you: search Oracle's docs for "ocsctl_sample" and you'll find them.

One side note: if you've done a one-box install, you must manually reset the ORACLE_HOME environment value before running ocsctl_sample (or its equivalent) because the infrastructure and application components go in two separate places.

While Devin beavers away on Workplace, I'm digging in to Oracle Collaboration Suite 10g. So far, I can report that the install experience is about a million times better than OCS r2 or (gack) the original version. However, the documentation isn't greatly improved, and now that it's installed I'm having a heck of a time getting it to actually work.

Metalink article 331666.1 has a ton of very detailed guidance in it which is absolutely worthless until you manage to get opmn and the other baseline services running. I've just ordered Burleson and Garmany's Oracle AS 10g book, so I'll see if it helps any.

Microsoft was handing out beta refresh bits for their very cool new System Center Capacity Planner (SCCP) tool at Exchange Connections this week. Unfortunately, they made a minor error that results in the bits not linking to the community support site as intended. Jonathan Hardwick explains here.

Devin and I are trying to get Workplace IM to work. I can log on with IE for Windows, but not Firefox for Windows or Mac or Safari for Mac-- clicking the "Log me in to instant messaging" link doesn't do anything. He can log on with Firefox or IE for Windows. After several logout/login cycles, he and I were able to see each other-- giving us a plain-text IM window reminiscent of BBS chat in 1982. It's a far cry from Communicator Web Access, that's for sure (much less a rich client like the desktop version of Communicator or iChat).

Getting started with Workplace

I'm finally able to take some time to dig into IBM's Workplace product line. Long-time readers will remember that I wrote about buying licenses last year, but I'm just now getting around to working with the product (currently at version 2.5.1).

So far, here's what I've learned. Bear in mind that I'm working with the full Workplace product, not Workplace Services Express.

First, when IBM recommends 4GB of RAM, they mean it. I tried running a single-server Workplace install in a VM with 1.5GB, and it was page-faulting like a madman-- it took more than 15 minutes just to get a logon page. On a single-CPU machine with 2GB, performance is more acceptable but still not great. (I remember complaining that betas of Exchange 2000 on a single-CPU machine were slow with less than 384MB of RAM... technology marches on!)

Second, if you don't already know what you're doing, too bad; there's no "getting started" documentation that I can find. There's a redbook called "Deploying IBM Workplace Collaboration Services on the IBM eServer iSeries Server" that purports to explain some of the getting-started stuff, but it's a draft, and there's a lot of missing content (like, say, the index). For example, chapter 4 (on directory services) has a note that says "new drafts will be published at least weekly", but it was last updated 13 July 2005. Oops. The DeveloperWorks site has a ton of Workplace-specific information, but it's focused (as you'd expect) on developing and customizing apps, not on basic administrative tasks.

This is problematic because it's not obvious (or even discoverable) how to perform many common tasks. How do you add a user? Well, it depends. If you've set up Workplace to use an external LDAP directory, you add users using your normal directory service and Workplace provisions them for you... but the default install uses WebSphere Member Manager vice an external directory, which is (AFAICT) completely invisible in the Workplace management tools. (For fun, try searching for "member manager" on the WebSphere Portal technical library... completely worthless.) In fact, as near as I can tell, WMM is always used as a lookaside DB to store Workplace-specific properties that may not be supported by the underlying LDAP directory. However, I can't find a list of these properties, so it's not clear whether other applications could make use of them. Users can self-provision (a nice touch) from the Workplace logon page, but that doesn't scale well.

Interestingly, the install instructions for a single-server demo deployment say you should use the default Cloudscape DBMS. However, the planning guide says that Cloudscape isn't robust enough for production use, so I guess you also have to buy a license for either DB2, Oracle, or SQL Server.

Finally, as far as I can tell, ordinary mortals still can't buy the rich client. It's reportedly available from IBM's PartnerWorld, so I guess I'd better sign up as an IBM partner if I want to test it. Sheesh.

Ordinarily I wouldn't post this announcement here, but I'm going to break tradition and do so because I'm one of the conference co-chairs. As such, I have to help find speakers, so I want this call for papers to go out far and wide.

Windows IT Pro is now accepting session proposals for the Oct-Nov. 2005 Windows Connections conference. We're heading to San Diego October 30 to November 2, 2005, for the premier Windows technical conference, and we'd like to hear from you!

If you're interested in speaking on Exchange-related topics at the show, send your abstracts to paul@robichaux.net by February 18. We want proposals for regular 75-minute sessions, as well as 1/2 day and full day pre-conference and post-conference sessions.

Note that we have a limited number of speaking slots, and all participants must be able to present a minimum of three 75-minute sessions. There are three basic requirements:

• Send a minimum of 3 session proposals (4 or 5 is ideal for discussion purposes)
• Include a biographical statement with your session proposals
• Include any additional pre- or post-con session proposals, if applicable

Please adhere to the February 18 deadline as we need to make speaker and session selections right away. (We plan to have a conference brochure ready to distribute at TechEd in June.)

I had a very interesting phone call yesterday with an IBMer named Jim Colson. Jim actually is the chief architect responsible for the Workplace Client Technology platform, and he'd contacted me after seeing my earlier post complaining that WCT wasn't generally available to tell me that it is available. Clearly there was a disconnect if it appeared that two different parts of IBM were telling me two different things, so I was eager to get the lowdown.

Jim explained that WCT is a client middleware platform, which includes a wide range of technologies (including a managed client container, access technologies such as messaging, distributed business logic, data synchronization, and interaction technologies such as Embedded ViaVoice, and other presentation services including browser based and widget based interfaces from Eclipse). These technologies can be used to build applications on various types of embedded, mobile, desktop, laptop, and server devices. The underlying technology has been in development for about 7 years; and has been deployed in a wide range of solutions such as cars from Honda, Nokia mobile phones, laptops and tablets with Nissay, and a wide range of line-of-business apps.

WCT is currently available to customers in a variety of forms. It's already built into a number of other products, and the WCT Micro Edition SDK offers a freely downloadable set of WCT components that can be used to evaluate WCT as an app dev platform. (To be perfectly unambiguous: the SDK is for production use, but you can download it to play with.)

WCT supports building deployable assemblies of components-- think of them as packaged runtimes-- to support particular applications. The Enterprise Offering (more properly, the Workplace Client Technology, Micro Edition Enterprise Offering, or WCTME-EO) bundles the most commonly required components and middleware services for desktop and laptop-class devices into a single deployable bundle. So, mea culpa: WCTME-EO and the WCT SDK are both generally available and widely used, my earlier claims notwithstanding. Thanks Jim!

Still with me? OK, back to my previous post. Among other WCT customers, Lotus is using the WCT platform to build their own client, the Workplace Client Technology, Rich Edition. This is the actual client middle platform that I've been trying to get, and it is not generally available-- at least according to my IBM sales rep and the Lotus WCT Project Office. That's supposed to change with the release of Lotus Workplace Messaging 2.5 and Lotus Workplace Documents 2.5.

To put this in more familiar terms, my earlier post was roughly equivalent to complaining that Microsoft wouldn't let me have the .NET Framework (which is freely available and widely deployed, and for which beta/preview versions exist) when what I really wanted was Office. You can argue over whether Lotus is being forthright about exactly who can get their WCT-based clients, and under what circumstances, but the bottom line is that WCT itself is available, and that's what Jim was trying to help me understand. Now I know what specific term to use next time I complain to Ed Brill.

Since my earlier posts on Workplace, I've been struggling with a problem: IBM won't sell me licenses for the Workplace Rich Client (echoes of "The Soup Nazi"...) After the earlier pricing misfire, I got another email from my sales rep, invoking the mighty power of the Workplace Client Technology Project Office:

The Workplace Client Technology Project Office has as its mission the job of implementing the Workplace Client Technology into customers' environments in a controlled and measured manner and they are running pilot programs for customers. They have asked the following questions be answered in order to be considered for this piloting. We need to ensure the customer has

1. gained a thorough understanding of the technology
2. applied that understanding to real, known business pain(s) in their organization
3. high level sponsorship within their account that will consider making this technology part of their architectural strategy moving forward

Upon completion of this pre-qualification process, the Project Office can then select customers to pilot the software. Once the customer is accepted into the pilot program, we provide the customer information to download software from Passport Advantage.

We went back and forth a few times, as I sought to reassure my sales rep that I wasn't about to start madly deploying WCT in my Fortune 100 clients without any succor from the Project Office. That didn't help; the Project Office then wanted to know why we were an MS partner, how much Notes application development we did, and what IBM products we currently had deployed. I then sent a more detailed response that explained what we do (including an explanation of how we do capability assessments and product evaluations) and why we wanted the software. I haven't heard back from the project office yet (or from my sales rep, for that matter), although this might be due to the holidays.

Why is IBM being so tight with this technology? Sure, it might just be a matter of risk management; they don't want customers to have bad experiences with the product. That's understandable, although I note that Microsoft and Oracle (among others) restrict access to beta versions of their product, not the released versions. (As a side note, I find it a little offensive that IBM expects me to audition to gain the right to buy their product, but maybe that's just me. At least there's no swimsuit competition).

IMHO, IBM's overdoing it, because this approach ("we have a 'game-changing technology' but we won't let you have it so you can start gaining an understanding of it") is not exactly going to speed their product's adoption. The WCT information page says that you need to contact your sales rep if you want to pilot or deploy the product, but it doesn't mention the fact that the Project Office is liable to tell you to go pound sand unless you survive their evaluation process. In fairness, that result is alluded to here, but I would be happier to see a forthright acknowledgement.

So, for now the answer I'm giving my customers is simple: "WCT is not generally available to customers, although neither IBM nor press reports have made this explicit. Draw your own conclusions about what that says of its deployment readiness and maturity. I can't comment because I haven't been able to work with it." I am hopeful that the strictures on WCT will loosen somewhat when 2.5 ships, but we'll have to wait and see.

My earlier post on the Workplace purchase experience garnered some interesting feedback, not the least of which was Ed's post. My response:

  1. Why didn't I join PartnerWorld? I wanted to buy the software because that's typically what customers do, and I think that doing so gives a clearer picture of what the purchase and support process-- both of which have a significant impact on customers' satisfaction with a product-- looks like for a real customer.
  2. Yes, there's a live showcase available, but that's cheating in a way. It's like watching Norm Abram build a dresser in 30 minutes; you see the end result, but many of the most significant, painful, and/or expensive milestones are glossed over.
  3. Pricing: well, what can I say? Every major vendor I've ever worked at or with (including Microsoft, Apple, IBM, Intergraph, Oracle, and VERITAS) has a hard time figuring out what its direct-to-customer pricing is for various products. This is a nit more than anything. However, I'm still unhappy that I was first quoted $24/seat for the Workplace rich client, only to have that price zoom up to $129/seat when I actually attempted to close the deal. So, a question for Ed: if I want one license of Workplace Messaging, Team Collaboration, and Documents, with the rich client, what's the correct price?

I've decided that it would be a good idea for me to learn more about Workplace, if only so I have a better understanding of what it is and does. When customers ask me whether a solution is appropriate, I can't give a good answer if I don't have that knowledge. Accordingly, I decided to set up a sandbox and play; the new "Workplace" category here on the blog will contain sporadic reports of what I find and learn along the way. My experience so far has been pretty poor.

Problem #1: IBM doesn't offer evaluation versions. Microsoft, of course, freely distributes 120-day trials of Windows, Exchange, SQL Server, and so on; heck, even Oracle (motto: Worst Messaging Software Ever!) has trial versions of OCS. So, that meant I had to buy the licenses.

Problem #2: to buy IBM, you must call IBM. Well, not quite, but close. If I wanted a retail copy of Exchange, I could just go order it from any number of online resellers, or I could contact a local partner, or I could buy it right from MS. Workplace isn't like that. I started by calling four IBM business partners listed in this directory. I called all of them the day before Thanksgiving, leaving a detailed message explaining what I wanted. I got two return calls within two weeks, both of which wanted to know how many licenses of Domino I wanted. After I explained, both promised to get back to me within a day or two; neither did. So, I used the "call me" button on IBM's site and got a call the next day from a gentleman who wanted to explain why Workplace was the best thing since toothpaste in a tube. Once he understood that all I wanted was to buy it, he promised to connect me with a sales rep. Two weeks later, and after an email to a rep who had previously sent me a price quote for other software, I got a call.

Problem #3: get it in writing. The rep quoted me a per-CAL price for Workplace Messaging ($14.50, 50% off the normal price), Workplace Documents, and Workplace Team Collaboration (I don't remember their license costs offhand). She also quoted me a price of $24/seat for Workplace Rich Client. This was a substantial discount off the $129/seat list price, so I was excited... right up until my rep emailed me, after I'd already bought the server licenses, to say that her pricer had "denied" that special price and that I'd have to pay list. Oh well. The rep made an honest mistake, and these things happen in all kinds of sales environments (well, except for airlines, where intentionally deceptive pricing is a way of life... but I digress).

Problem #4: your Passport is no good here. When you buy Workplace, you automatically get (or pay for, depending on how you look at it) 12 months of support. You access this support, and download the bits you've paid for, via the IBM Passport Advantage web site. This is a nice touch; MS only offers downloads for volume license customers. Unfortunately, when I logged in to the site, it showed that I had purchased a total of 0 licenses, so I couldn't actually download anything. "No problem," I thought. "I'll just call the handy 24-7 Passport support line". After 20 minutes on the phone (9am Saturday morning, mind you), the phone rep was unable to locate my licenses. He promised to call me back in "15 or 20 minutes." Apparently time is measured differently in his local region, 'cause I'm still waiting.

So, I can't talk about any other aspects of Workplace because I can't install it yet. On the other hand, IBM offered to accept a net-30 purchase order, so at least they don't actually have my money yet. Stay tuned for further developments.

Update: after a lengthy call on Monday to Passport support, we discovered that there were no licenses actually attached to my account yet because the order hadn't been generated. Apparently there is some double-secret approval process that has to take place before I get the bits but after I get the message saying "you've got bits".

Update: two interesting things happened today. First, this post made Network World; second, the Passport support folks called me back to tell me that my account was fixed. I am now downloading the first of the 31 components that the site seems to think I need to install Workplace Messaging. No connection is implied, since the support tech I spoke with yesterday was very helpful and courteous, and would undoubtedly have solved the problem anyway.

S/MIME support in Outlook

In chapter 2, I claimed that Outlook 97 supports S/MIME v3. This is patently absurd. The correct claim is that Outlook 98 supports S/MIME v1, and that Outlook 2000 SR1 and later support S/MIME v3. Hat tip: Karim Battish of Microsoft.

Nose to the grindstone

This week I have a whitepaper due, plus the usual round of appointments (chiropractor, piano lessons, and so on). Next Monday-- that would be a mere 7 days from today-- I am supposed to have 100% of the text for my book submitted. Yikes! I'd better get back to work.

Firewall = ouch

So, I thought I'd set up an ISA Server firewall. While I already have two other firewalls on other network segments, ISA allows you to make Exchange available with good security. So, I built a standalone machine and put ISA Server on it. So far, I've spent two days with no luck. It looks like I have to do all of the following:

  1. Install the Secure NAT client on the Exchange server. I don't want to do this, because I don't like installing anything on the Exchange server. However, it appears to be necessary to make Exchange publish-able.
  2. Get a new SSL certificate for the ISA server. Of course, since I tore down my internal CA a month or so ago, that means I have to either set it up again (a pain) or buy an external certificate (a bigger pain).
  3. Go buy Tom Shinder's book. I probably should have done this already.

So, that's what I'm going to be doing, probably for the rest of this week, unless I get a better offer. Right now, Halo is looking pretty inviting. (At least I set up a new blog for e2ksecurity.com, which will be visible as soon as the DNS gods feel like it.)

MEC update #4: wrapup

Wednesday and Thursday were busy days too. Wednesday morning I did my session on best practices for migrating to Office XP. It was moderately well-attended, but posted good numbers (7.6/9.0, my best session overall). A surprising number of people are still using Office 97, which to me makes sense only if you can't afford better hardware. My own productivity is measurably higher with Office XP, based on just two features: the Send To collaboration features and the offline improvements in Outlook. I'm really excited about seeing the betas of Office 11, which promise improvements in the collaboration and disconnected-from-server environments.

In the afternoon, John & I went pistol shooting with Pierre Bijaoui and Kieran McCorry of HP and Jerry Cochran of Microsoft. We had a great time, even though we could only stay on station for a short while. Pierre shot a little better than Kieran did, but they were both shooting respectable groups (Pierre with a Beretta .40S&W, Kieran with a 9mm Glock) by the time we left. Next year in Dallas, watch out!

Wednesday night was the Windows & .NET Magazine editorial dinner. What a great group of people! I met Darren Mar-Elia for the first time and got to spend some quality time talking with Kim Paulsen, the new publisher. These folks are serious about making a great magazine that gives their readers the information they want, but they're serious about doing it in a fun and lighthearted way.

Thursday was my storage management session, largely a repeat from last year. It was well-attended, and it got good evals, but it ran long (just like last year), so I missed most of the panel discussion I was supposed to attend. I had a meeting with some interesting hardware people, then it was time to head to the airport for my flight to Sacramento. That trip (and the associated wedding) was so cool that it deserves its own trip report, coming soon.

MEC update #3

Busy day yesterday. John & I met in the speakers' lounge for a delicious convention center breakfast. We fell in to a conversation about WLANs with Spyros Sakellariadis and Nick Cavalancia, two opinionated and knowledgeable guys.

My first session, "Big Security for Small Exchange Sites", was well-attended. Many of the attendees, however, came from large Exchange sites, so I was a little nonplussed. My eval numbers were good, although the high sessions are doing no better than about 7.4 or so on a scale of 1-9. This is a bit unusual; the high sessions for last year's MEC were in the 8.5 range. Of course, Steve Riley and Jerry Honeycutt, two of the MEC's perennial stars, haven't presented yet.

After the session, I had a pleasant lunch with Sue Mosher and Randy Byrne, where they mostly talked about incomprehensible Outlook stuff. Then I went to the show floor, where I spent more time in the security ghetto talking to anti-spam and content filtering product vendors. I'm impressed with Nemx's PowerTools product and IMLogic's suite of instant-messaging logging/reporting/auditing tools.

Session #2, "Exchange Security Secrets", was packed-- they had to turn people away at the door. My energy level was a little higher for this session, and I spent about two hours shoehorning in new content right before the session, but disappointingly my numbers were slightly lower than the first session. Such is life. (In an entertaining twist, the database that's supposed to give the speakers access to the attendees' comments on sessions is scrambled-- my comments page has comments about at least three other sessions, including two that got panned pretty badly. A little schadenfreude never hurts...)

I went to the big product show-floor reception and alternated between checking out booths I hadn't been to and staying near the Windows & .NET booth, where people asked me some interesting and flavorful questions about SANs, ISA Server, and a variety of other stuff. I'd finally had enough about 8:30, so I went back to the hotel and met John for a late dinner-- a giant banana split.

MEC 2002 is approaching fast: it's October 8-11 in Anaheim. I just got word that I'll be presenting two sessions there: "Big Security for Small Exchange Sites" and "Exploring Exchange Storage Manageability and Design". I am also tentatively down for a session on the best way to migrate to Office XP, which should be interesting.

So, a big shout out to all Exchange 2000 folks: come on to Anaheim and get some good learnin'

Well, I have to write it first, so hold your horses :)

Seriously, I am soliciting volunteer reviewers for Secure Messaging With Exchange, which I am busily writing for Microsoft Press. Exchange security is on a lot of people's minds, so I'd like to get a mix of experience levels. You don't have to be a writer, and you don't have to have years of Exchange experience. What you do have to do is simple:


  • Install and use the Groove Transceiver client to gain access to the Groove shared space where I'm working.
  • Agree to download new chapters as they're released and actually (gasp!) read them.
  • Agree to turn in comments on chapters. You don't have to comment on every chapter, but if it becomes clear that you're sandbagging I'll have to drop you from the review group.
  • Agree to make suggestions for improvements to the book.

In return for this, I'm offering acknowledgements in the text, my great gratitude, and a free copy of the book when it's printed. If you're interested, email me and tell me why you want to be a reviewer and what expertise you have with security and/or Exchange.

Microsoft's just released the Security Operations Guide for Exchange 2000. This is the definitive reference to how you should secure your E2K boxes, at least until my Exchange security book comes out :) The included scripts are mighty interesting, too.

Unfortunately, part 1 was only the beginnings of my troubles with Exchange.

A humble preface

I have been using computers since 1978, when I got my first puny little TRS-80 Model I. I've been earning a living from them since about 1981 or so. During all that time, I've never had a serious hardware failure. No data loss; no crashed drives, no nothing-- not even when a crazed squirrel bit through our house power line and incinerated the power supply of my (then) brand-new Mac Plus.  However, I am now a convert to the gospel of regular backups and redundant hardware, in a different sort of way. At my old job, I specialized in telling people what to do to ensure the availability of their Exchange and Windows servers. Furthermore, I write columns for two magazines in which I teach these principles. Unfortunately, my own application of them has been lacking. As it says in the New Testament, "For all have sinned, and come short of the glory of God."
