Banner

Outlook Web App - Everything OWA

Frequently Asked Questions

Exchange 2013 migration in 12 easy steps

By Brian Posey, Techtarget.com

Migrating from Exchange Server 2010 to Exchange Server 2013 is rarely an easy process, but you can make the migration less painful by using this 12-step plan. We'll cover digital certificates, mail flow, training and everything else that will come up during your organization's Exchange 2013 migration.

1. Get the necessary training.

Even though Exchange Server 2013 has been widely regarded as one of the less significant Exchange Server releases, there are major architectural differences between Exchange Server 2010 and Exchange Server 2013. Your IT staff needs to receive the proper training before you even think about performing a migration. Similarly, it's a good idea to provide users with some updated training if they're used to Outlook Web App.

2. Check the system requirements.

The Exchange Server 2013 system requirements are similar to those for Exchange Server 2010. Even so, reviewing the system requirements is an important part of the deployment planning process so you don't run into issues later on.

3. Back up everything.

Prior to installing Exchange Server 2013, make a full system backup of your existing Exchange Servers and Active Directory. Deploying Exchange Server 2013 involves making updates to Active Directory, so you will need a way to roll back the directory if something were to go wrong.

4. Install Exchange Server 2013.

The next step in the Exchange 2013 migration process is to install Exchange Server 2013. You'll need to prepare your Active Directory and download the latest updates prior to performing the installation. In fact, the original RTM release of Exchange Server 2013 wasn't even compatible with Exchange Server 2010. It was only possible to join Exchange 2013 servers to an Exchange Server 2010 deployment once Cumulative Update 1 was released.

5. Verify the installation.

After the Exchange Server 2013 installation completes, verify that the installation was successful. To make sure there weren't any critical errors, start by reviewing the setup logs and looking at the Application log in the Event Viewer. You can also use the Get-ExchangeServercmdlet in the Exchange Management Shell to make sure the new Exchange Server is recognized.

6. Enter your product key.

When you've verified the new server's functionality, enter your product key. This is a simple step, but it's so simple that it's easy to forget.

7. Add digital certificates to the Client Access Server.

The next thing you should do in your Exchange 2013 migration is add digital certificates to the Client Access Server. Exchange Server 2013 includes a self-signed certificate that can be used for SSL encryption, but the self-signed certificate isn't appropriate for production use. You must provide your Client Access Server with a certificate created by a reputable, trusted certificate authority.

 

To read the full article, go to: searchexchange.techtarget.com

Using OWA offline mode for expanded Outlook access in Exchange 2013

By Brian Posey, Techtarget.com

Until recently, Outlook offline was only available to Outlook users. Organizations using Outlook Web App (OWA) for email access were left out in the cold when it came to offline access. In Exchange Server 2013, Microsoft introduced offline access for OWA users.

In Exchange 2013, OWA offline access is enabled by default; if you want to disable OWA offline, you need to use the Exchange Management Shell. Exchange Server 2013 allows you to control OWA offline access based on mailbox policies or on OWA virtual directories. Offline access can be granted to no computers, private computers or all computers. For example, you'd use the following command to set the OWA mailbox policy to allow offline access only to private computers:

Set-OWAMailboxPolicy –AllowOfflineOn PrivateComputers

Similarly, you could use another command if you wanted to block OWA offline access for the OWA virtual directory:

Set-OWAVirtualDirectory –AllowOfflineOn NoComputers

If you wanted to allow unrestricted access to OWA offline mode later on, you could use the same command as before, but set the –AllowOfflineOn parameter to AllComputers.

In OWA offline, the Web browser does all the work

When I've had the opportunity to talk about OWA offline access, the same questions come up. People often ask where the cached data is stored and how much space the cached data consumes. Unfortunately, there are no straightforward answers to these questions because the end user's Web browser does all the work. The Web browser controls the path where cached data is stored and also sets the quota for how much cached data can be stored on a Web client.

The browser even controls the data repository. For example, Internet Explorer 10 stores cached OWA data in an IndexedDB database (which is an HTML5 standard), while Safari and Chrome use a WebSQL database.

The OWA cache is different from the Outlook cache

One of the most important things to understand about OWA caching from the end user standpoint is that it works differently than Outlook's caching feature. In Outlook, a user's mailbox data is cached to an OST file because OWA offline mode uses a browser database instead. The content database type is not the only difference; there are also major differences in the actual cached data.

 

To read the full article, go to: searchexchange.techtarget.com

Giving OWA themes a makeover in Exchange 2013

By Brian Posey, TechTarget.com

When organizations begin using Outlook Web Apps, it's often only a matter of time before someone on the senior management team asks if OWA can be branded with the corporate logo or colors. As long as you have a basic understanding of HTML and Cascading Style Sheets (CSS), Microsoft makes it easy to customize OWA 2013.

This tip focuses on OWA 2013's premium version, which supports customization; the light version doesn't support customizations that are based on OWA themes. You should be able to customize older versions of OWA in a similar manner, but you have to slightly alter the technique due to differences in file paths. This tip also assumes Exchange is configured using the default installation path.

Creating a theme in OWA 2013

Although you can technically get away with modifying existing OWA themes, it's smarter to build new themes. If you make a mistake when editing a default theme, you could irreparably damage OWA. Here we'll copy a default theme and use it as a starting point for customizing OWA

Log on to your Client Access Server (CAS) server and navigate to:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\<version>\Owa2\resources\Themes

Create a folder with the name of your organization, then copy the contents of the Base folder into that new folder.

Before you move on, there is an XML file you'll need to update.

 

To read the full article, go to: SearchExchange.TechTarget.com

Five Exchange 2013 Migration gotchas to watch for

By Steve Goodman, TechTarget.com

Exchange Server 2013 is a bigger, more complex platform that leaves behind some of the legacy Exchange features in favor of new ones along with better overall reliability. Before upgrading to the latest version, it's important that you're aware of a few factors that will help ensure a successful migration.

Exchange 2013 migration gotcha #1: Clients

Just as Exchange 2010 removed support for Outlook 2000, Exchange 2013 removes support for Outlook 2003. When it comes to Exchange 2013, you must use Outlook 2007, Outlook 2010 or Outlook 2013. Outlook 2007 must run Service Pack 3 along with the November 2012 updateor later, while Outlook 2010 must run Service Pack 1 along with the November 2012 updateor later.

When patching clients, consider Windows Server Update Services. You can also use the Microsoft Assessment and Planning toolkit, as well as the Get-LogonStatistics cmdlet in Exchange 2007 and the Exchange Server User Monitor (ExMon) in Exchange 2010.

And it's not just Outlook you need to worry about. With Exchange 2007, users could experience Outlook Web Access in all its glory with a version of Internet Explorer as low as IE6. In Exchange 2010, the minimum version required to experience the Premium Outlook Web App is IE7. Therefore, it shouldn't surprise anyone that IE8 is necessary for Exchange 2013. At the time of writing, however, IE8 suffers from performance issues when running Outlook Web App 2013, so consider IE9 the baseline. It will give users the best OWA 2013 experience on Vista and above.

For Windows XP and other operating systems, third-party browsers like Firefox (v17+), Chrome (v24+) and Safari (v6+ on Mac) also provide great support for Exchange 2013. Check out the table of supported clients on Microsoft's TechNet site for the most up-to-date information.

Exchange 2013 migration gotcha #2: Outlook Web App redirection

This one affects companies migrating from Exchange 2007 that use forms-based authentication (FBA) within Exchange. Previously, when a company migrated from Exchange 2003 or Exchange 2007 toExchange 2010, legacy coexistence with FBA worked very well. When a user logged into OWA, he was redirected to the legacy server, and the username and password were passed along with the redirection request.

In a coexistence scenario with Exchange 2007 and Exchange 2013 (using FBA) the username and password are not passed when an Exchange 2007 user logs in. The user is redirected to an Exchange 2007 server and is forced to log on a second time. If you're expecting a lengthy coexistence period, look into how you'll work around this issue.

If you already use Forefront TMG 2010 to perform pre-authentication and forms-based authentication, you're free to continue using it. Alternately, various third-party load balancers provide built-in pre-authentication support.

All this said, if you've already implemented Windows Integrated Authentication for Outlook Web Applogins, you won't be affected.

Exchange 2013 migration gotcha #3: Outlook Anywhere

...


To read the full article, go to: SearchExchange.TechTarget.com

Public Folders Appearing as Unhealthy after installing Exchagne 2013 CU3

Since updating to Exchange 2013 CU 3 we have seen reports of users no longer being able to see Public Folders. This issue seems to be organization wide rather than on a per user basis, with users either unable to see the Public Folder mailboxes or seeing them as locked in migration.

To confirm if this is the case in your organization you can run the Get-HealthReport cmdlet. This should tell you whether or not your Public Folders are unhealthy.

This issue occurs because Cumulative Update 3 introduces a new PublicFolderLocalEWSLogon probe, monitor, and responder. The PublicFolderLocalEWSLogon probe tries to access public folder mailboxes. However, the probe fails if it cannot access them. This causes the health set to be "Unhealthy." While there are no other effects of the probe failing beyond marking the health as ‘Unhealthy’.

To resolve this issue, select one of the following methods to disable the PublicFolderLocalEWSLogon probe, monitor and responder.

Create an override for all servers

Use the following commands to disable the responders, monitors, and probes on all Exchange Server 2013 servers that have Cumulative Update 3 version 15.0.775.38:

Add-GlobalMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonEscalate" -ItemType "Responder"-PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Add-GlobalMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonMonitor" -ItemType "Monitor" -PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Add-GlobalMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonProbe" -ItemType "Probe" -PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Create an override for a specific server

Use the following commands to disable the responder, monitor, and probe on a specific Exchange Server 2013 server that has Cumulative Update 3 version 15.0.775.38. In this example, we are creating an override for a server that is named Exch2, so change the server name to match your server.

 

Add-ServerMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonEscalate" –Server Exch2 -ItemType "Responder" -PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Add-ServerMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonMonitor" -Server Exch2 -ItemType "Monitor" -PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Add-ServerMonitoringOverride -Identity "Publicfolders\PublicFolderLocalEWSLogonProbe" -Server Exch2 -ItemType "Probe"-PropertyName Enabled -PropertyValue 0 -ApplyVersion "15.0.775.38"

Protecting Outlook Web App and the Active Directory from Denial of Serice and Brute Force Attacks

If you had to choose, which security attack would you allow: opening your network up to brute force attacks or tolerating denial of service attacks? The first answer that probably comes to mind is neither. Yet, when configuring the account lockout policies in the Group Policy Management Console, this is the all-important question that you must ask yourself, because, depending on how you configure the account lockout threshold, you will be forced to allow one or the other attack. This is an especially delicate question when considering your Outlook Web App deployment because OWA and the Active Directory are both governed by the same account lockout policy settings. So, if there is an alternative choice that protects against both attacks without compromise, it would be worth considering.

To read the full article, go to: messageware.com

How to create multiple instances of OWA

By Brian Posey, SearchExchange.TechTarget.com

Creating multiple Outlook Web Access instances is a great way to assign users different sets of OWA features and/or give file share access to users who need it -- without giving everyone in your organization the same access. This tip explains a method that can be used in any version of Windows, although some steps are platform-specific.

Here are five initial configuration steps that you can use to create different OWA instances on any Windows version.

  1. Assign an additional IP address to your client access server

You don't have to install additional network interface controllers (NICs) onto the server, but you can. Windows allows you to bind multiple IP addresses to a single NIC.

  1. Create a new website

OWA is a Web application that depends on Internet Information Services (IIS). When you install the Client Access Server role, Exchange creates multiple IIS virtual directories within the server's default website.

You can manually add more virtual directories to the default website, but limitations within Exchange Server prevent you from creating additional Exchange-related virtual directories. Therefore, you'll need to create a dedicated website for each additional OWA instance that you plan to create.

As a part of the site-creation process, you must bind an IP address to the site; each site should have a unique IP address. After you assign an IP address to the server, create a DNS record that allows users to access the new website using a new domain name.

When you create a website through IIS, its virtual directory maps to a physical folder on the server's hard drive. Note which folder is being used as the site's home directory.

  1. Create a new virtual directory

Now that you've created a site to host a new OWA instance, you're going to need to create the necessary Exchange virtual directories within that site. At the very least, you need to create the OWA virtual directory. You may also want to create other directories depending on which Exchange Server versions your organization uses.

 

To read the full article, go to: SearchExchange.com

Using OWA offline mode for expanded Outlook access in Exchange 2013

By Brien Posey, SearchExchange.TechTarget.com

Until recently, Outlook offline was only available to Outlook users. Organizations using Outlook Web App (OWA) for email access were left out in the cold when it came to offline access. In Exchange Server 2013, Microsoft introduced offline access for OWA users.

In Exchange 2013, OWA offline access is enabled by default; if you want to disable OWA offline, you need to use the Exchange Management Shell. Exchange Server 2013 allows you to control OWA offline access based on mailbox policies or on OWA virtual directories. Offline access can be granted to no computers, private computers or all computers. For example, you’d use the following command to set the OWA mailbox policy to allow offline access only to private computers:

Set-OWAMailboxPolicy –AllowOfflineOn PrivateComputers

Similarly, you could use another command if you wanted to block OWA offline access for the virtual directory:

Set-OWAVirtualDirectory – AllowOfflineOn NoComputers

If you wanted to allow unrestricted access to OWA offline mode later on, you could use the same command as before, but set the –AllowOfflineOn parameter to AllComputers.

In OWA offline, the Web browser does all the work.

When I’ve had the opportunity to talk about OWA offline access, the same questions come up. People often ask where the cached data is stored andhow much space the cached data consumes. Unfortuantely, there are no straightforward answers to these questions because the end user’s Web browser does all the work. The Web browser controls the path where cached data is stored and also sets the quota for how much cached data can be stored on a Web client.

The browser even controls the data repository. For example, Internet Explorer 10 stores cached OWA data in an IndexedDB database (which is an HTML5 standard), while Safar and Chrome use a WebSQL database.

The OWA Cache is different from the Outlook cache

One of the most important things to understand about OWA caching from the end user standpoint is that it works differently that Outlook’s caching feature. In Outlook, a user’s mailbox data is cached to an OST file because OWA offline mode because OWA offline mode uses a browser database instead. The content database type is not the only difference; there are also major differences in the actual cached data.

 

To read the full article, go to: SearchExchange.com

Giving OWA themes a makeover in Exchange 2013

By Brien Posey, SearchExchange.TechTarget.com

When organizations begin using Outlook Web Apps, it’s often only a matter of time before someone on the senior management team asks if OWA can be branded with the corporate logo of colors. As long as you have a basic understanding of HTML and Cascading Style Sheets (CSS), Microsoft makes it easy to customize OWA 2013.

This tip focuses on OWA 2013’s premium version which supports customization; the light version doesn’t support customizations that are based on OWA themes. You should be able to customize older version of OWA in a similar manner, but you have to slightly alter the technique to differences in the file paths. This tip also assumes Exchange is configured using the default installation path.

Creating a theme in OWA 2013

Although you can technically get away with modifying existing OWA themes, it’s smarter to build new themes. If you make a mistake when editing a default theme, you could irreparably damage OWA. Here we’ll copy a default theme and use it as a starting point for customizing OWA.

Log on to your Client Access Server (CAS) and navigate to:

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\<version>\Owa2\resources\Themes

Create a folder with the name of your organization, then copy the contents of the Base folder into that new folder.

 

To read the full article, go to: SearchExchange.com

Tailor Exchange Deployment Assistant for a successful server install

By Brien Posey, SearchExchange.TechTarget.com

There's nothing overly complicated about the Exchange Server 2013 Setup Wizard, but experienced Exchange admins know all too well that there's more to deploying Exchange than just running the Setup Wizard.

Properly deploying Exchange involves a lot of planning. And if you have an existing Exchange Server deployment, there also are usually a number of pre- and post-installation tasks to complete. Microsoft's free Exchange Deployment Assistant tool walks admins through the deployment process.

What makes the Exchange Server 2013 Deployment Assistant unique

The latest Exchange Deployment Assistant version can provide you with a set of detailed deployment instructions that address your needs. All you have to do is to provide the tool with the information it needs.

The Deployment Assistant makes you choose whether you want to perform an on-premises, cloud-only or hybrid deployment. Every other question the tool asks is a direct result of the choice you make on this screen.

The cloud-only option applies only to Office 365 deployments; it's technically possible to deploy Exchange Server 2013 onto an Infrastructure as a Service (IaaS) cloud such as Windows Azure, but doing so is not yet officially supported. If you decide to roll the dice and deploy Exchange to an IaaS cloud, you'll need to choose the Deployment Assistant's on-premises option and pretend the cloud-based virtual machines actually exist on-premises.

How the Exchange Server 2013 Deployment Assistant works

The Exchange Deployment Assistant asks you a number of questions about your Exchange installment. The line of questioning is completely dynamic; whether you're asked a particular question depends on how you answered previous questions.

The Deployment Assistant starts by asking general questions about your deployment plans and then gradually begins to ask more specific questions as it learns about what you want to accomplish. For example, the first question asks whether you want to deploy Exchange on-premises or in the cloud, or create a hybrid deployment. If you chose the option to deploy Exchange on-premises, the next question asks you to select your deployment scenario. You have the option to perform a new Exchange 2013 installation or upgrade from Exchange 2010 or Exchange 2007.

Even though the Exchange Deployment Assistant walks you through the deployment process, it doesn't produce step-by-step instructions containing specific values for your own organization. Instead, the tool compiles a series of deployment documents from TechNet; the documents are compiled and arranged based on your answers.

This isn't to say the Deployment Assistant provides completely generic instructions. One of the deployment steps you will likely encounter involves the collection of required information. You can see this particular step describes exactly what information needs to be collected and provides an example of what the value should look like. It has a place where you can write in the values for your own organization.

When you reach the end of the checklist (at least in an on-premises deployment) the Deployment Assistant tells you how to confirm a successful deployment. It also provides a link to the Remote Connectivity Analyzer, which can be used to detect and help you correct connectivity problems.

 

To read the full article, go to: SearchExchange

 

More FAQs...

Articles

Third-party transport agents cannot be loaded correctly in Exchange Server 2013

support.microsoft.com

After you install Microsoft Exchange Server 2013 Service Pack 1 (SP1) or you upgrade an existing Microsoft Exchange Server 2013 installation to Exchange Server 2013 SP1, third-party or custom-developed transport agents cannot be installed correctly. Additionally, the Microsoft Exchange Transport service (MSExchangeTransport.exe) cannot start automatically. Specifically, you cannot enable third-party products that rely on transport agents. For example, you cannot enable anti-malware software or custom-developed transport agents.

When the installation fails, you also receive an error message that resembles the following:

The TransportAgentFactory type must be the Microsoft .NET class type of the transport agent factory.

Microsoft has developed a PowerShell script that corrects a formatting error in the configuration files that govern the Transport Extensibility that is built into Exchange Server 2013. To have us apply this script for you so that Transport Extensibility and third-party products that use this capability function correctly, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.


To read the full article, go to: Microsoft Support

Released: Exchagne Server 2013 Service Pack 1

By The Exchange Team, Technet

 

Exchange Server 2013 Service Pack 1 (SP1) is now available for download! Please make sure to read the release notes before installing SP1. The final build number for Exchange Server 2013 SP1 is 15.00.0847.032.

SP1 has already been deployed to thousands of production mailboxes in customer environments via the Exchange Server Technology Adoption Program (TAP). In addition to including fixes, SP1 provides enhancements to improve the Exchange 2013 experience. These include enhancements in security and compliance, architecture and administration, and user experiences. These key enhancements are introduced below.

Security and Compliance

SP1 provides enhancements improving security and compliance capabilities in Exchange Server 2013. This includes improvements in the Data Loss Prevention (DLP) feature and the return of S/MIME encryption for Outlook Web App users.

DLP Policy Tips in Outlook Web App – DLP Policy Tips are now enabled for Outlook Web App (OWA) and OWA for Devices. These are the same Policy Tips available in Outlook 2013. DLP Policy Tips appear when a user attempts to send a message containing sensitive data that matches a DLP policy. Learn more about DLP Policy Tips.

DLP Document Fingerprinting – DLP policies already allow you to detect sensitive information such as financial or personal data. DLP Document Fingerprinting expands this capability to detect forms used in your organization. For example, you can create a document fingerprint based on your organization’s patent request form to identify when users are sending that form, and then use DLP actions to properly control dissemination of the content. Learn more about DLP Document Fingerprinting.

DLP sensitive information types for new regions – SP1 provides an expanded set of standard DLP sensitive information types covering an increased set of regions. SP1 adds region support for Poland, Finland and Taiwan. Learn more about the DLP sensitive information types available.

S/MIME support for OWA – SP1 also reintroduces the S/MIME feature in OWA, enabling OWA users to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the specified sender and contains the only the content from the sender. This capability is supported when using OWA with Internet Explorer 9 or later. Learn more about S/MIME in Exchange 2013.

 

 

 

To read the full article, go to: Technet.com

Exchange 2013 SP1 - mixture of new and completed features

By Tony Redmond, WindowsITPro

Three months after they shipped Exchange 2013 CU3, Microsoft has announced the release of Exchange 2013 SP1, or cumulative update 4 (CU4) to its friends. The announcement will no doubt come as pleasant relief to those who insist that no Microsoft server product can ever be installed until the first service pack appears. Like waiting for the first cuckoo of spring to sing before planting, such a well-worn adage is challenged in an era when the demands of the cloud mandates that on-premises customers receive quarterly updates, but some people find it hard to shift old habits. In any case, build 847.32 aka Exchange 2013 SP1 is now available for download.

To make sure that those running older versions of Exchange are not left out, Microsoft has also released Rollup Update 13 for Exchange 2007 SP3 and Rollup Update 5 for Exchange 2010 SP3.

I won't bore you with the details of how to install Exchange 2013 SP1 because the upgrade from CU3 was easy (at least for me). A schema extension is required to accommodate new objects and cmdlets and the consequent updates to RBAC roles, so be sure to include this step in your planning. The normal caveats about preparing DAG member servers by putting them into maintenance mode before starting the upgrade and shutting down all Exchange components like EMS and EAC apply. My upgrades occurred without trauma, which was a nice surprise. The sole caveat is to check that all services come back online after the upgrade as the transport services can be picky about restarting.

Looking through the set of features and updates provided in Exchange 2013 SP1, we find a mixture of finishing off important components and extending new functionality. Adding S/MIME support back for Outlook Web App (OWA) is an example of the former; providing the ability to add custom sensitive data types through document fingerprinting for Data Loss Prevention (DLP) is an example of the latter. The full list of updated functionality in SP1 is shown below. Where appropriate, the features are also available to users of Exchange Online in Office 365. In fact, the nature of the development process is that new functionality is slip-streamed into production in the cloud some weeks before it is made available to on-premises customers in an update like SP1. It is therefore quite possible that you have been able to use upgraded functionality for some time, even if you never realized it.

 

To read the full article, go to: WindowsITPro.com

Microsoft employee e-mail also hit by Syrian Electronic Army

By Steven Musil, CNet.com

After some of the company's social-networking accounts were hacked, Microsoft says some of its e-mail accounts were also compromised.

In addition to compromising some of Microsoft's social-networking accounts, the Syrian Electronic Army also accessed a "small number" of employee e-mail accounts, the company confirmed Wednesday.

The hacking group, which has taken responsibility for an array of breaches in the past couple of years, tweeted three e-mails over the weekend that appeared to originate from Microsoft employee Outlook Web Access accounts. The screenshots posted by the group included conversations among employees regarding recent compromises of Microsoft-owned Twitter accounts.

"A social engineering cyber-attack method known as phishing resulted in a small number of Microsoft employee social media and e-mail accounts being impacted," a Microsoft spokesperson said in a statement to CNET. "These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry wide issue."

The Syrian Electronic Army -- a political hacking group that supports Syrian President Bashar Assad -- appears to be waging a war on Microsoft. Over the weekend, the group took control of the Twitter accounts of Xbox and Xbox Support, along with Xbox's Instagram account. The company's TechNet blog was also compromised.

A tweet sent by the group Wednesday indicated that its campaign against the tech giant was not over.

Twitter has long been a favorite battleground for the Syrian Electronic Army, with recent hack victims including the accounts of the parody news site the Onion, the messaging app Viber, The Associated Press, NPR, CBS (parent company of CNET), the Guardian, and the BBC.

 

To read the full article, go to: News.Cnet.com

Why I needed to use Outlook Web App’s in offline mode instead of Outlook

By Tony Redmond, WindowsITPro.com

Some difficulties with Wi-Fi forces a decision to use Outlook Web App configured for offline access instead of Outlook 2013. Why? Well, Outlook is a bit of a pig when it comes to network resources because it synchronizes so much data from so many sources. On the other hand, OWA is efficient and quick and uses far less bandwidth - and still provides a pretty good interface.

I've made lots of comments about Outlook Web App (OWA) over the last year. Justifiably so, I think, seeing that I have actually been using OWA more than I usually do and Microsoft has released their OWA for iOS app. But returning once again to my travel escapades that caused me to use OWA light on a TV set in Abu Dhabi, I continued to experience more network connectivity issues as I traveled onward to Australia that resulted in a decision being made to use OWA premium rather than Outlook 2013 for the duration of the trip. On the surface (no pun intended, for this was indeed the device I used), this might seem like a strange thing to do as Outlook 2013 is obviously a much more functional client than OWA. But Outlook’s functionality has to be paid for in the form of resources and in this case, it was the network that determined client choice. Or lack of network to be precise.

Australia is a wonderful country with friendly people, great weather, and a host of things to do. That advertisement for the Australian tourist authority has to be balanced by the fact that most Australian hotels insist on abusing their clients by over-charging for weak and slow Wi-Fi networks. $20 a night seems to be the going rate in most cities, which I wouldn’t mind paying if I was able to connect to more than just Facebook.

Of course, it’s possible to seek out free Wi-Fi in coffee shops and the like but there’s a limit to the amount of coffee that you can drink, good as it might be. So a decision was made to purchase a Telstra 4G USB modem, a device that can support up to 5 concurrent connections at reasonable speed in the major urban areas.

For years, one of Outlook’s strengths has been its ability to insulate users from flaky networks by synchronizing data to the OST. The transition from offline to online access is smooth and email flows without a hitch. It’s one of the things that has made Outlook a premium client and one of the reasons why many spend a lot of their working life deep in Outlook.

But Outlook consumes a lot of network bandwidth to get things done. Outlook 2013 was perfectly happy to connect using the 4G modem, albeit slowly. The problem is that Outlook 2013 often connects to more than your personal mailbox. In fact, Outlook 2013 is a connection fulcrum that fetches information from myriad places to present a full picture of your online world. Links to Facebook and LinkedIn via Outlook’s social connector inform of important new developments in the lives of friends and colleagues while connections to shared mailboxes, site mailboxes, and public folders mean that all manner of information is available. And of course, the OAB is updated daily so that you know about new mailboxes and groups. All good stuff, but highly dependent on solid networks.

 

To read the full article, go to: WindowsITPro.com

Exchange 2013 CU3 causes headaches for OWA on Windows XP

By Tony Redmond, WindowsITPro.com

If you’re running Windows XP on the desktop, you already know that the April 2014 deadline for termination of extended support is looming. Exchange 2013 CU3 might just be giving you a little hint too as it seems that IE8 on Windows XP doesn’t deliver a great user experience with Outlook Web App. In fact, it’s horrible. Or even worse than horrible – and Firefox browsers also seem to have problems. So the writing is on the wall – time to upgrade and move away from Windows XP, even if client desktop refreshes are always horrible, expensive, and painful to manage.

The release of Exchange 2013 CU3 might just be the call to action to replace old browsers. Some early diployments (mostly test so far) have reported severe performance problems with Internet Explorer 8 (IE8) and Firefox version 24 when running Outlook Web App (OWA), with the likely culprit being some JavaScript problmes that cause memory leaks and poor performance. It might well be the case that the new multi-platform touch-capable OWA architecture introduced in Exchange 2013 is too much for IE8 to handle.

We’ve known that IW8 and the Exchange 2013 version of OWA don’t get on too well for some time now. Indeed, Microsoft’s official stance for Office 365 is that support for IE8 will end on April 8, 2014. KB2871314 provides a clue why OWA might have a problem in CU3 saying that IE8 users will experience:

slow performance when they perform common tasks such as the following:

  • Read new mail
  • Send and receive mail
  • Select recipients from the global address list (GAL)
  • Select folders”

The article goes on to say that the problem is caused by “JavaScript performance and memory usage issues in Internet Explorer 8” Pretty cleat – use IE8 and have a nice day.

Given that Exchange 2013 CU3 is essentially an on-premises version of the Exchange Online software running in Office 365 (albeit several weeks or so in development terms behind), it should come as no surprise that if Office 365 damns IE8 with weak of no praise that Exchange 2013 won’t be too happy for people to use IE8 either.

What is surprising is that Microsoft hasn’t been more emphatic in getting the message across to on-premises customers, perhaps because some sensitivity already exists in the upcoming termination of extended support for Windows XP in April 2014. IE8 is, of course, the last version of the browser supported by Windows XP. Unfortunately the option to upgrade IE doesn’t exist as Microsoft doesn’t support IE9 and later versions on Windows XP.

 

To read the full article, go to: WindowsITPro.com

Microsoft Security Bulletin MS13-105 - Critical

Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)

 

Executive Summary

This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

This security update is rated Critical for all supported editions of Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and Microsoft Exchange Server 2013. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version, by enabling machine authentication check (MAC) according to best practices, and by ensuring that URLs are properly sanitized. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerabilities entry under the next section, Vulnerability Information.

Recommendation. Customers can configure automatic updating to check online for updates from Microsoft Update by using the Microsoft Update service. Customers who have automatic updating enabled and configured to check online for updates from Microsoft Update typically will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates from Microsoft Update and install this update manually. For information about specific configuration options in automatic updating in supported editions of Windows XP and Windows Server 2003, see Microsoft Knowledge Base Article 294871. For information about automatic updating in supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, see Understanding Windows automatic updating.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

For more information go to: technet.microsoft.com

 

Exchange Online users have a new way to access email on iPhones and iPads

By Jeremy Stanley, SearchExchange.TechTarget.com

 

Microsoft delivered Outlook Web App (OWA) for Apple devices this week, but users need to have an Office 365 subscription and the cloud hosted version of Exchange.

Exchange 2013 server customers will have to wait.

The new application runs natively on iPhone 4S and iPad 2 or later hardware versions. It runs on devices running iOS 6 or later.

“The best thing that I see that it does is that it offers Office 365 customers an easy way to get their mail hooked up to their phone,” said Wes Miller, analyst at Kirkland, Wash.-based Directions on Microsoft.

Simply downloading a free app from Apple’s App Store and logging in with credentials is much simpler than navigating iOS system settings, Miller said.

The applications sport a user interface akin to Windows Phone 8 and the Windows 8 tablet app and offer access to Outlook mail and calendars.

The app includes many features users expect from the outlook experience including easy access to Active Directory contacts, Bing maps and contact search.

OWA for iPhone and iPad also offer native functions such as push notifications, voice actions and contact synchronization.

If an employee leaves the company or an employee loses a device, IT administrators can wipe email and calendar data from the app, without destroying personal data on the device.

 

To read the full article, go to: SearchExchange.com

Exchange 2013 Security Update MS13-061 Status Update

Microsoft became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed.

Recommendation

If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue.

Update 2874216 breaks the content index in Exchange Server 2013

http://support.microsoft.com/kb/2879739

 

If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time.

To mitigate the security vulnerability, we recommend following the workaround steps identified in the Vulnerability Information – Oracle Outside in Contains Multiple Exploitable Vulnerabilities section in Microsoft Security Bulletin MS13-061.

 

Question/Answers from Microsoft

Q: What is the impact of this security vulnerability?

A: Please see the information contained within the MS13-061 Security Bulletin.

Q: I am about to upgrade from CU1 to CU2, will I be affected?

A: No, this issue does not occur when upgrading to a cumulative update. This issue only occurs when patching a .msi installation via a .msp file.

Q: Why does this issue occur with installing a .msp file?

A: During the Exchange 2013 installation (.msi installation), the service is created, the Data Folder Location registry key is created and during a post configuration step, the registry key is populated with data and the service name is rebranded. During the .msp installation, these settings are reverted back to their original installation values prior to the post-configuration step.

Q: If I follow the steps identified in the workaround, will I have issues in the future?

A: Following the steps identified in KB 2879739 will resolve the issue and not cause any future problems.

Q: What happens if I uninstall the security update?

A: You will need to follow the steps identified in KB 2879739, otherwise your search infrastructure will be broken.

Q: Why didn’t you recall the update rollups for Exchange 2010 and Exchange 2007?

A: Both Exchange 2010 and Exchange 2007 utilize a different indexing architecture and, as a result, are not impacted.

Q: How was this issue not detected in Exchange Online if Exchange Online is always receiving fixes before on-premises customers?

A: Exchange Online does not deploy .msp patches into the environment; instead, Exchange Online deploys new full builds of the product (cumulative updates, if you will) on a regular release cadence. As a result, Exchange Online was not impacted by this issue.

Q: How was this issue not detected in your on-premises deployments?

A: Unfortunately, this security update did not get deployed into our dogfood environment prior to release.

Q: You have told us time and time again that you were going to improve your testing procedures, and yet each time you have to tell us that you missed something. When will it end?

A: We will work very hard to regain your trust and confidence. With that said, we have recently made the decision to delay the release of Exchange 2013 RTM CU3 by several weeks to ensure that we have enough run time testing within our dogfood environment. Also, we will ensure that all patches are deployed in our dogfood environment prior to release going forward.

 

We will continue to make improvements in our release cadence and testing methodologies over time to ferret out these issues. These changes may mean that our once a quarter release cadence for Exchange 2013 may change.

 

OWA iOS app makes its debut

By Tony Redmond, WindowsITPro.com

When I published “Exchange ActiveSync to be replaced by OWA on mobile devices” on July 9, I certainly didn’t expect to see radical developments in the space quite so quickly, yet that’s just what happened when Microsoft released Outlook Web App (OWA) apps for iPhone and iPad in the Apple app store on July 16. Talk about good timing or perhaps just good luck!

To be clear, I had no up-front warning that Microsoft was about to release these apps. However, there had been many rumors (for example, this report from Apple Insider in May 2012). It makes a lot of sense for Microsoft to create apps that essentially act as a wrapper around OWA so that the out-of-the-box functionality that would be available by running Safari is augmented with code to store user credentials, use Autodiscover to connect to Exchange, and (most importantly) to apply a mixture of OWA and Exchange ActiveSync (EAS) policy settings to provide some administrative control over the apps.

You can find the new app by searching for "OWA for iPhone or OWA for iPad" in the app store. Other apps tout their ability to connect to Exchange and do a better job than Apple's mail app including OMP (Outlook Access for iOS), Mail+ for Outlook, Mail+ for ActiveSync, or even Outlook Mail Access for iPad. The big difference is that the OWA app is developed and maintained by Microsoft and, even better, it's free. You can't argue with that price point.

Apple is a great company that serves the interests of consumers extremely well. However, Apple is far less impressive when dealing with the needs of corporations who want to exert some control over applications. Apple’s track record of using EAS is spotty. On the one hand, its mail app is able to connect to Exchange using EAS to access mail and calendar information. On the other, there have been a large number of bugs in the way that Apple has used EAS, including the infamous “calendar hijacking” issue in late 2012. In addition, it seems like Apple has made a decision to implement just enough of the EAS protocol to allow its apps to use basic email functionality. It ignores all the extended settings that allow administrators to control security settings on the devices. In effect, Apple’s implementation of EAS delivers “just enough” and no more.

It’s easy to understand how frustrated Microsoft might become. They want Apple to support Exchange and were, no doubt, very happy when Apple decided to license EAS. But then the Apple mail app makes no attempt to use the extended features of Exchange. From Cupertino’s consumer-centric perspective their approach makes sense. In Apple's mind, the simple fact is that iOS devices support Exchange and no more needs to be done. End of story.

The new apps provide Microsoft with a method to control the user experience that is available through Exchange while also taking advantage of the iOS platform such as using Apple's push notification service to update the number of new messages on the OWA icon. In effect, the new situation is that you can use the Apple mail app if you simply want to access an Exchange mailbox or you can use the OWA app if you want richer (premium in OWA terms) functionality that’s available through OWA. For example, the initial release of the OWA app allows access to an archive mailbox - the first time that a mobile device has been able to use an archive. Other advanced features such as retention policies, delegate access to calendars, multiple calendars, support for IRM, and a view of free/busy data are available in the initial release as is support for EAS mailbox policy settings such as remote wipe and minimum PIN length.

 

To read the full article, go to WindowsITPro.com

 

More Articles...

Use Ctrl+Shift+R to “Reply all” to the selected message.
 

Poll

Will tablet and Smart phone use be a big part of your OWA 2013 deployment?