NOTE: This was edited from http://www.ilopia.com/Articles/WindowsServer2003/EmailServer.aspx and from that site, it has pretty pictures as well!

You can install the Email Server by using Add or Remove Windows Components or Manage Your Server. Manage Your Server is a bit easier to use too, because it will prompt you for the domain you want to use during setup. That will not Add or Remove Windows Components do, and we have to do everything manually.
If it’s not open, start Manage Your Server by clicking Start->Programs->Administrative Tools->Manage Your Server.

* Click on Add or remove a role.

This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and all the other things it says you should do before continuing.

* Click Next

The wizard will now detect your network settings. This will take a while depending on how many network connections you have

We now come to the step where we add and remove roles for our server. We will add the Mail Server role. I also suggest that before you click Next,

* Click Mail server (POP3, SMTP)
* Click Next

You will now specify the type of authentication and type the email domain name.

* Click Next

Next step is to confirm the options you have selected.

* Click Next

The installation will start, and will also start the Windows Components Wizard. When you get prompted to insert your Windows Server 2003 CD-ROM into your CD-ROM drive, do so. If you didn’t get prompted to do that, you maybe already have it in the drive.

* Click Finish

Install the Email Server

* Click Start, then run, and type p3server.msc

This will open up the POP3 Service. This is where you configure and manage the POP3 part of the mail server.

* Click on <ComputerName> in the left pane
* Click on Server Properties in the right pane

This brings up the Properties for our Mail Server.

Authentication Method

There are three different authentication methods you can use; Local Windows Accounts, Active Directory Integrated and Encrypted Password File. It is an important decision which method to use, because once you have chosen, you must delete all email domains on the server to change method (from now on, you can migrate Encrypted File user accounts to AD, but nothing else can be migrated).

* Local Windows Accounts
If your server is stand alone (not member of an Active Directory domain), and you want to have the user accounts on the same local computer as the POP3 service, this is the best option. By using this option, you will use the SAM (Security Accounts Manager) for both the email user accounts, and the user accounts on the local computer. This means that a user can use the same user name and password to be authenticated for both the POP3 service and Windows on the local computer. But there is a limitation, although you can host multiple domains on the server, there must be unique user names for all domains. So, let us say you have two users named Sandra. One working at company1.com and another one working at company2.com. Their user name used will be sandra@company1.com and sandra@company2.com. But in SAM, they will both have the same user name, sandra, so one of them must be renamed to something else (if we don’t want them to read each other’s emails).

If you create the user account when you create the mail box (by using the POP3 interface), the user will be added to the POP3 user group. Members of this group are not allowed to logon locally. The fact that the users are added to the POP3 group does not mean that you must be a member of this group to have a mailbox. You should however be careful adding mailboxes to users that are not member of the POP3 group, because the password used for email can for example be sniffed (if you are not using SPA), or someone can brute force the password and gain access to the server.
* Active Directory Integrated
You can select this option if the server is a member of an Active Directory domain or is a Domain Controller. By using this you will integrate the POP3 Service with you AD domain. AD users can use their user name and password to send and receive email. Of course you have to create mailboxes to them first. Unlike Local Windows Accounts you can use the same user name on different domains. So sandra@company1.com and sandra@company2.com will have different mailboxes. There is however one thing you should know about, that does not affect the mailbox name and email-name, and the pre-Windows 2000 user name can be changed. Active Directory do not support the same pre-Windows 2000 user name, and this name is usually the same as the user name, which means that if you create a mailbox and user with the same pre-Windows 2000 user name, it will rename the pre-Windows 2000 user name.
* Encrypted Password File
This is the option you want to select if you don’t use Active Directory or don’t want to create users on the local computer. Like Active Directory Integrated you can have the same user name on different domains, but you cannot assign the same user name to several mailboxes within the same domain.
This method works by creating an encrypted file stored in each user’s mailbox. This file contains the password for the user. When the user wants to check his/her email, the password that the user supplies is encrypted and compared to the one in the file.
It is possible to migrate Encrypted File user accounts to AD user accounts.

Logging Level

Four options to choose between. If you change this, remember that you must restart the POP3 service.

* None
Nothing is logged.
* Low
Only critical events are logged.
* Medium
Both critical and warning events are logged.
* High
Critical, warning and informational events are logged.

Root Mail Directory

If you don’t want to use the default Mail Directory, you can choose another one. Make sure the path is not more than 260 characters and you can also not store to the root of a partition (i.e. C:). It is strongly recommended that you use a NTFS formatted partition. You can’t use a mapped drive, but the UNC name (\\servername\share) can be used. If you later change the store, and there are still emails in one or more boxes, you must manually move the folders in which there are emails to the new location. You must also reset the permissions on the directory by using winpop set mailroot.

SPA

Enable SPA if you want to have a secure communication between your email sever and email clients. This will send both the user name and password encrypted from the client to the server, instead of sending it in clear text. SPA supports only Local Windows Accounts and Active Directory Integrated Authentication. It is recommended to use this. Remember to restart the POP3 service if you change this.

Create a mailbox

The Setup Wizard created a domain to us, so we do not need to create this manually. If you did not use Manage Your Server to install, add the domain manually be clicking the server name in the left pane and then click New domain in the right pane. Remember to set the properties before you add the domain.

* Click on your domain (ilopia.com in my case) in the left pane.
* Click Add Mailbox in the right pane.

This will open up the Add Mailbox window.

* Write bob in Mailbox Name
* Write bob as password (of course this is not a password you should use in a production environment, it’s too short)
* Click OK

A message will pop-up and tell you how to configure the email clients. Read this, and notice the difference when using SPA or not.

* Click OK

What we just did was not only creating a mailbox named bob, but we also created a user bob. We will also create a mailbox for an existing user – ariel. To do that we simply perform the same steps, but we uncheck Create associated user for this mailbox. Remember that the mailbox name must be less then 21 characters (64 for Encrypted Password File and Active Directory). Periods are allowed to use, but not as the first or last character.

So, we have now two users. Are they equally? No, bob is a member of the POP3 Users group, which is denied to logon locally. Ariel is not member of this group, and can still logon locally and access her mailbox.

A co-worker of mine just figured out why a push installation of Veritas backup was not working correctly.  Feel free to read what he did to resolve the issue.

When a media server makes a connection with a remote system, the initial connection will be initiated on port 10000. The Remote Agent will be listening for connections on this pre-defined port.

To get around this problem I performed the following steps:

1. Instead of pushing the Remote Agent For Windows Servers (RAWS)I instead ran the installation locally on the server in which I intended to backup. For this expample the location of the installation files were X:\BEWS_11D.7170_32BIT_VERSION\WINNT\INSTALL\RAWS32.

2. Run setup.exe and select the appropriate media server in which this agent will publish it’s information to. You may have an issue in which the Backup Exec Remote Agent for Windows Systems service will not start. The event log will most likely have the following event:

Event Type:Error
Event Source:Backup Exec
Event Category:None
Event ID:58117
Date:3/9/2009
Time:12:21:17 PM
User:N/A
Computer:ALTIGEN4
Description:
The Backup Exec Remote Agent for Windows Servers Service did not start. The application failed to listen on the NDMP TCP/IP port. Check the network configuration.

For more information, click the following link:

http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml

3. You will need to reserve the port for this service to listen on. For this situation I used port 9000.

Note- For Backup Exec 11d and above: These steps only need to be done on the the affected remote server(s). All other remote servers can have the existing/default NDMP Port.

To reserve the port on the remote machine you will need to do the following:

3a- Go to C:\WINDOWS or \WINNT\system32\drivers\etc and modify the “services” file
3b- Go to the bottom of the file and add the following line:

ndmp 9000/tcp #Network Data Management Protocol

3c- Save the change.

4. Start the Backups Exec Remote Agent for Windows Systems service and then launch the Symantec Backup Exec Remote Agent Utility usually running on the task bar or you can launch via Programs->Symantec Backup Exec For Windows Servers->Backup Exec Remote Agent Utility

5. Navigate to the “Publishing” tab and check off “Enable the Remote Agent to publish information to the media servers in the list” click “Add” and enter the name of the media server. You may now see the remote server’s FQDN in the “Published names for this agent” field.

6. On the media server go to Tools->Options->Network and Security and check off “Enable remote agent TCP dynamic port range” and specify as such.

Note- for this situation I chose to use the dynamic port range of 9000-10000.

7. Click OK in the Options Dialog box and you should now be able to see the remote system under “Windows Systems” when configuring a new job.

I had a user that whenever she opened up citrix, she would receive the following citrix error:

Cannot connect to the citrix presentation server. SSL Error 61: You have not chosen to trust “Thawte Server CA”, the issuer of the server’s security certificate.
To resolve, I knew I needed the root CA cert.  I then stumbled upon the root CA download location for Thawte.

http://www.thawte.com/roots/
Once downloaded and installed the right cert, citrix began working again.  Another problem solved by google and hitting my head against my desk a few dozen times…

Installing RightFax servers to share a SQL database

To install multiple RightFax servers that share a SQL database, complete the following general steps:

1. If you are upgrading, print or make a copy of the Windows registry key HKEY_LOCAL_MACHINE\ Software\RightFax so that you have a copy of any changes that have been made to customize the system. In a typical shared database configuration, customizations should be identical on each RightFax server.
2. Install the RightFax server on the first RightFax server computer. Define the SQL database as you are prompted during the installation.
3. Activate licensed features on the first RightFax server computer.
4. On the second RightFax server computer, run the RightFax server installation program.
5. During the installation, point the second RightFax server to the SQL database that you defined when you installed the first RightFax server.
6. During the installation, you will be prompted to delete the existing RightFax database or append to the existing database. Choose to append.
7. Activate licensed features on the second RightFax server, as described in step 2. To avoid license conflicts and violations, all of the RightFax servers that share a common SQL database must have the same licensed features activated.
8. Repeat steps 4 through 7 for each added RightFax server.

Providing access to shared resource folders

The following folders are shared among all the RightFax servers in the shared database configuration:

• Image (contains sent and received faxes stored as compressed graphic image files).
• SIG (contains graphic images of user signatures for placement on faxes).
• Papers (contains the names of overlay form files).
• FCS (contains fax cover sheets).
• Outgoing (contains outbound files from all submission methods that are held while being processed into fax images, such as temporary fax queue spool files).
• BFT (contains text files created by the OCR process).
• CmdData (contains transaction files for each fax sent via e-mail or via SecureDocs).

This is the abbreviated version of the captaris kb 4442

When using RPC/HTTPS connection in Outlook, you will need to follow the instructions below to store your password so Outlook will not prompt you for credentials. You must be running on Windows XP or Vista (any edition except Windows Home).

1. In Outlook,  Go to: Tools > Email Accounts > Click Next to View or change existing email accounts > Highlight Microsoft Exchange Server and click Change > Click More Settings > Connections tab > Exchange Proxy Settings.
2. Select NLTM Authentication as the Proxy Authentication Setting
3. Check Connect using SSL only and Mutually authenticate the session when connecting with SSL
4. The Principle name for the proxy server is in the following format:
   • msstd:proxy.server.com (proxy.server.com is the same as the Proxy Server URL)
5. Click OK and close all the Outlook Settings Windows
6. Launch Outlook, and when prompted for your username and password, make sure to check the box ‘Save Password’ and login.
7. In Windows, click the Start Menu > Run > Type in “control keymgr.dll’”
8. You’ll see an entry now with the Exchange Server name. Select it can click Properties
9. Change the first portion up to the first period ‘.’ with an asterisk ‘*’. Below is an example:
   • “Exvmbx017-10.exch017.msoutlookonline.net”  should be changed to “*.exch017.msoutlookonline.net” (without quotes)
   • For Windows Vista you will need to Add a new entry. For the Log on to field, you will need to replace everything up to the last period with an asterisk “*”. Example: ”*.msoutlookonline.net”. Credential type should be set to “Windows Logon Credential”.
10. Enter in your password and click OK
11. Reboot the computer.

**Note: Only one account/password can be saved per Windows Profile**

If you are missing the Add button you may want to modify Windows Registry to save the password. Note, that for editing Windows Registry administrator rights are required, because it is not safe and you will perform it on your own risk.

1. In Windows, click the Start Menu > Run > Type in “regedit”
2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
3. Find DisableDomainCreds entry. Value of 1 (enabled) will prevent you from saving new credentials.
   Cange the value to 0 and reboot. You should have the Add button. Note, that the value of 0 is the default value.
4. Also check LmCompatibilityLevel entry. It should be set to 3, which is a default value. If you have another value, change it to 3. If it does not work with 3 then also try it with 2.
5. Reboot the computer to apply changes.

See http://www.intermedia.net/support/kb/default.asp?id=1399 for more information.

A co-worker of mine noticed this issue.  Ipswitch was not reporting the free disk space for windows server 2008.  he did a little bit of research and noticed that it is a bug for windows 2008.  Please review the following web links to get more information on this.

http://forums.ipswitch.com/Topic49616-14-1.aspx

This details a script workaround on how to resolve this.

http://support.microsoft.com/kb/949701

This is the link that microsoft admits that they broke something that used to work correctly…

Strangely enough, I was asked this question 3 times last week, so figured it would be a good post for the blog…

You need to poke a hole through the firewall at port 445.  Once completed, you should be able to access your windows network share, assuming that this is configured properly.  If the firewall still rejects the traffic, poke a real hole in it and watch it suffer the fate that all firewalls should.

Perhaps this is why my specialty is not in firewalls/routers….NAH!

I have a client that would like to add email contacts to an address.  I told him that it wouldn’t work properly, but did forward him the following information:

Microsoft Exchange

The RightFax form supports two different address formats for addressing faxes: the FAX format, and the RFAX format.

To Send a Document to a Fax Number Using the FAX Addressing Format:

1. Specify a destination name and fax number in the To: or Cc: box of a new message using this format:

[FAX:Name@FaxNumber]

(You must include both the Name and FaxNumber as well as the enclosing square brackets.)

2. Separate multiple FAX addresses with semicolons.

Example:

[FAX:Jane Doe@555-1212];[FAX:John Smith@(520)555-1000]

RFAX Addressing Format:

1. Specify a destination name and fax number in the To: or Cc: box of a new message using this format:

[RFAX:Name@/FN=FaxNum]

(You must include the opening and closing square brackets.)

2. The name and fax number are required. You can also add these parameters for display on the cover sheet:

SMS Number:    /SMS=Number (replaces /FN for a fax number)

Billing code 1:    /AN=Code

Billing code 2:    /MN=Code

City and state:    /CI=City, State

Company:    /CO=Company

Voice phone number:    /VN=Number

3. Separate multiple RFAX addresses with semicolons.

Example:

[RFAX:JaneDoe@/FN=555-1212/VN=555-2345/CO=Acme, Inc.]

The rightfax server is 9.3 and has the exchange gateway configured.

The issue I was having is every time I opened up Outlook 2007, I would receive the error database creation was unsuccessful from the Business Small Contact Manager.  Now, I don’t know anyone that uses this software, so I was one step away from removing it, but decided to see if SQL was started first.  Sure enough, the service SQL Server (MSSMLBIZ) was not started.  Once starting this service, the install was able to finish.