Outlook Online Archive Requesting for Authentication
How to use SMIME in OWA for External Recipients
Hello,
I am using a hybrid on premises active directory with office 365 environment with AD synced to office 365 using DIRSYNC. We are trying to achieve being able to send encrypted emails to clients using SMIME in OWA. We have used certutil to import certificates for some internal users which seems to let you send an encrypted email to them. However when creating a contact in AD for the external user and successfully importing the cert (you can see it in the userCertificate and userSMIMECertificate attribute in the object) we are unable to email the recipient with an encrypted email as OWA cannot find the certificate. Also the internal users' certificates appear in their entries in the GAL however the external contacts do not have their certificate included.
Could someone advise me how to use OWA to send SMIME encrypted emails to external recipients. You can't add a certificate to a contact in OWA as far as I can see.
Many Thanks
Paul
Filter Default GAL for OWA in Exchange 2013 CU5
We are currently running Exchange 2010 sp3 and have a setup where we are providing email services to independent contractors who connect to us for email primarily using webmail. We do not wish for the contractors to see each other in their address books. We have long used the MSExchQueryBaseDN attribute in AD to specify an OU which has just a couple of corporate mail contacts in it and this is what all users see as the only entries in their address list when using outlook web app.
I have stood up our Exchange 2013 CU5 environment and have moved a few test users over to it. Unfortunately the directory does not even appear when composing a new message and bringing up the address book (only the user's contacts appear). If I return the MSExchQueryBaseDN attribute to NULL value, the directory appears with ALL objects in it of course.
I initially thought maybe this type of segregation was no longer supported in Exchange 2013, but I found that in fact there is a new powershell command to set it in 2013 (Set-Mailbox -Identity "Test User" -QueryBaseDN "OU=Corp,DC=Domain,DC=Root"). Previously we had to do this manually in AD.
Should this type of filtering still work? Any ideas why I'm seeing the behavior I am?
Note that I realize this likely could be handled by doing the following, of which I would only do as a last resort:
1) I could create an ABP for every contractor with an address list that contains only them (if I was talking about a handful, this would be OK but not really viable for hundreds).
2) I've seen info out there on filtering the MsExchSearchBase of the Default Global Address List. I could set this to my OU which contains just the corporate contacts I wish users to see. I don't know if this would cause any other impact though to my webmail-only users. I also have a small subset which connect using RPC over HTTPS and we have Address Book Policies setup for each of those offices so that they only see their own office in their Global Address List so I don't think these users would be impacted either, but wanted to throw it out there.
the recipient couldn't be added. it doesn't have an email address.
Hi,
When I click the TO: field and choose a user from the GAL and double click it I get:
"The recipient couldn't be added. it doesn't have an email address."
When I search for a name, I get the Contact including the email address, when I click the address it gets added to the TO field.
Exchange 2010 to 2013 migration - problems with in-place archives
So we are in the middle of our migration to Exchange 2013, and appear to be having issues with migrating users with in-place archives on their mailboxes.
Environment:
Exchange 2010 SP3 RU1
Exchange 2013 SP1 RU1
Clients: Outlook 2010 SP1
The actual move request completes, the user account shows up as expected in the EAC with the archive, however when the user launches Outlook for the first time, only his primary mailbox gets reconfigured successfully. When the Archive -username link is clicked, an error pops up stating that "The set of folders cannot be opened. Server Microsoft Exchange is not available."
If we create a new profile for the user, the Archive connects just fine, but that also means they will have to download their entire OST again. Also, not very practical for 1,500 users with archives.
We have verified that this happens in both directions, i.e. if we move a mailbox + Archive from 2010 to 2013, or from 2013 to 2010. In OWA the archive is immediately available.
Has anyone else seen this in their environment?
Thanks,
Karl
Add Site, Skydrive, NewsFeed in SuiteBar of Outlook WebApp
How can I add the button “Sites” on the SuiteBar in Outlook Web App (Exchange 2013) page and after clicking this button, the OWA page will go to SharePoint 2013 Team Site page.
As we all know, for Office 365, Outlook Web App and SharePoint are integrated. So we can simply click “Sites” button and then we will see SharePoint page. I am using in-premise solutions and want users to have the same experience as Office 365.
Best Regards,
Dean
Email Sender's display name not displaying/resolving on internal emails with POP/IMAP clients
Here's the scenario. I have two 2013 test accounts setup in Outlook as POP/SMTP accounts. I have their name setup as initials in the outlook account (the "Your Name" field). If I send an email (Through SMTP) to a 2013 Exchange(Outlook Anywhere) client, their names resolve to their actual Display Name in the GAL which is correct. Now if I send an email to another 2013 POP/IMAP user, their name shows what is setup in Outlook which is their initials which is not correct.
Now we are currently in the process of a 2007 to 2013 migration. I do not see this behavior on the Exchange 2007 side with POP/IMAP clients. If I run the same test setup with a 2007 mailbox as the recipient, the sender's name resolves to their GAL display name and NOT the name configured in the Outlook Account settings. It doesn't matter whether the sender is a 2007 or 2013 account. As long as the recipient is on 2007 it works fine.
This is all tested using authenticated SMTP. The only difference I can tell is that the 2007 servers resolve the name before delivering it to the inbox where the 2013 servers don't.
There aren't any GAL or Address Book related issues on the 2013 side. Full exchange clients or OWA work correctly.
Manage Mobile Phones via OWA is missing
Good day all -
Have a slight issue and was wondering if someone out there may have a suggestion. Currently cannot access the Mobile Phones option under OWA. Steps I am trying to do are listed below. Running an Exchange 2010 Version 14.03.0181.006. Do have a phone configured for ActiveSync and can successfully manage phone via EMC. Just cannot manage phone via OWA. Want to be able to give end user rights to (in case of lost phone). Under Organization Configuration/Client Access/Outlook Web App Mailbox Policies - Default is all set to Enabled. Have selected Private Computer Option as well via IE. Chrome but still no tab.
To use Outlook Web Access to perform a remote device wipe:
- Open Outlook Web Access.
- Log on to the phone owner's mailbox.
- Click Options.
- In the Navigation pane, select Mobile Phones.
- Select the ID of the phone that you want to wipe and remove from the list.
- Click Wipe all data from device.
- Click OK.
- Click Remove device from list.
Thank you for your suggestions.
Owa 2013 sent item folder
Hi,
my organization just migrated to exchange 2013. I'm mainly using outlook client, but the company gave us possibility to have additional mailbox for online archiving (accessible also from OWA - with less client work in case of searches in huge archives).
I created some folders within the online archive and I would like to use one of these folders to archive sent items. No problem accessing and viewing this 'sent' folder in the outlook client (I can customize the view as I prefer) but when accessing from OWA there is no way to make it show the 'to' field rather than the 'from' field (actually always me for these items).
Thanks in advance for your help
Andrea
pop3 connector
recommendations for easy to use pop3 connector?
for exchange 2013 standard
Outlook 2007 client has former user's name.
Exchange 2013 - Coexistence with Exchange 2010 - Outlook 2010 in Online Mode - Messages "stuck" in outbox, but are delivered
Hi gang,
I have a very strange issue with a client who has recently installed two Exchange 2013 SP1 CU5 servers in a DAG configuration.
We've moved a group of pilot users over from the Exchange 2010 environment to the Exchange 2013 environment. Some of the users are experiencing an issue in which mail messages are "stuck" in the outbox folder. I've verified that in all cases, the message has actually been delivered, so it seems as if the failure is in moving the message from the Outbox folder to the Sent Items folder on the Outlook client side.
All of the users in the company are running either Outlook 2010 SP1 or SP2. They are all in online mode rather than cached mode.
The problem seems to affect only users who have a shared mailbox, however, the messages that are affected always originate from the user's own mailbox.
There's an F5 Big-IP LTM in front of the servers providing load balancing services. It's running version 11.5.1, and is a virtual edition. It's running the latest version of the Exchange iApp (f5.microsoft_exchange_2010_2013_cas.v1.3.0). All of the web services for the environment are connecting through this reverse proxy. I considered briefly that it could be a TCP keepalive problem, but this version of the F5 iApp has a 2 hour timeout.
I haven't been able to reproduce the problem; it seems to occur at random intervals.
There are no event log entries on either the server or the client when the problem occurs.
My research so far has turned up very little. Nobody else seems to have written about having this specific problem.
Any help would be greatly appreciated!
Outlook Calendar functionality
I'm trying to find out if there is current functionality for the following in Outlook:
•Embedding form / questionnaire when setting up a meeting (i.e. to order food or supplies for the meeting, etc.). Auto populate email group(s) for sending form upon completion?
•Designating the equipment available in the conference room (i.e. smart board, liteshow, etc.)?
•Alert notification if the number of attendees exceeds the conference room capacity (in the event attendees forwards the invite to others, etc.)?
•Can email groups be restricted so only certain individuals can see and use them?
•Is there a way to report usage of conference rooms and number of attendees?
Mapi over HTTP issue
Hi all!
Hope somebody can help me out. In my test lab, where I'm experimenting with Exchange 2013 SP1 and Outlook 2013 SP1 I came across very annoying thing.
Let me explain a little bit more about config that worked.
Outlook 2013 connected to Exchange 2013 via RPC over HTTPS is working great actually really great. I have created my own certs and imported ROOT CA cert to all of my machines and things are working peachy. As part of my plans for 2014 I have to test and deploy MAPI over HTTP sometime at the end of 2014 in our company (and migrate from EX2007 but this is different story).
OK so I've enabled MAPI over HTTP on my test server and configured 5 virtual machines with different accounts to test things out. Started Outlooks, accepted "Your administrator has made change ....." prompts and here we go, I'm connected MAPI/HTTP and all works really great.
Except for one thing. When it does connect, things are super fast and it works as it should. But sometimes it does not connect right away and it is sluggish in performance. Also Outlook is missing "Quick steps" menu, see attached image:
I restarted all servers, clients, clean Outlook install nothing helps.
When RPC/HTTPS I could quit and start Outlook 10 times and it worked 10/10 without problems.
When MAPI/HTTP I restart outlook and it works 6/10, so 4 times I get messed up Outlook and very poor performance.
Any idea where to start troubleshooting? Maybe Outlook has a bug or 2 with this mode?
Server is correctly sized and backed up by enough of memory and CPU, mailboxes have 100-3500 items in them.
Again, RPC/HTTPS works every time without any problem.
MAPI/HTTP works let's say 6 times without any problem at all and really works great but 4 times out of 10 it makes me want to throw it away :)
If someone knows best way to troubleshoot this one, please let me know.
Regards,
G
Exchange 2007 Microsoft Connectivity Analyzer
We are having problems connecting users outside the network with Outlook. Help please
Testing Outlook connectivity.
The Outlook connectivity test failed.
pop3 connection exchange 2010 or 2013?
which is better for pop3 access?
exchange 2010 or 2013?
I have used exchange 2010 before, am familiar with interface
OWA 2013 SP1 - New mail notification sound missing
Can someone confirm that this has been broken in SP1 or do I have a misconfiguration on my servers?
Thank you
Daniel
OWA option to search active and in-place archive with one search?
We've recently deployed Exchange 2013 SP1 as an upgrade from 2007. We are using the In-Place Archive feature that Exchange 2013 has. Using OWA however we do not seem to have the option to do a combined search of both the archive and active mailboxes.
This looks like it should be a possibility based on the screen shots seen here:
http://support.pa.msu.edu/howto.php?id=134
Specifically this one:
http://support.pa.msu.edu/images/owa/img6.png
Any thoughts as to why we seem to be missing this feature? And let me know if you need any further info.
Exchange 2010 OWA ADFS (HTTP Error 302 when deleting emails)
Hi all,
I am currently trying to setup Exchange 2010 Outlook Web Access (OWA) to use ADFS for single sign-on.
I followed through the instructions on http://www.theidentityguy
However I am experiencing an issue when users try to delete emails, OWA reports "Your network connection isn't available.if the proplem continues, contact your helpdesk with this HTTP statis code:302.".
After some Googling I can see numerous articles referencing the same issue- and they all seem to point towards authentication problems with the IIS web.config from the exchange server. This makes perfect sense since that's what I've been playing with to get ADFS working. I tested this by reverting the web.config back to its original state and voila- it works again (albeit without ADFS).
Below is the contents of web.config with ADFS working (but with the delete error)
URL has been changed to company.com
<?xml version="1.0" encoding="UTF-8"?><configuration><configSections><section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></configSections><system.webServer><httpRedirect enabled="false" /><modules runAllManagedModulesForAllRequests="true"><add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /><add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /></modules></system.webServer><appSettings><add key="FederationMetadataLocation" value="https://login.company.com/FederationMetadata/2007-06/FederationMetadata.xml" /></appSettings><location path="FederationMetadata"><system.web><authorization><allow users="*" /></authorization></system.web></location><system.web><authorization><deny users="?" /></authorization><authentication mode="None" /><compilation><assemblies><add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></assemblies></compilation></system.web><microsoft.identityModel><service><audienceUris><add value="https://webmail.company.com/owa/" /></audienceUris><securityTokenHandlers><add type="Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"><samlSecurityTokenRequirement mapToWindows="true" useWindowsTokenService="true" /></add></securityTokenHandlers><applicationService><claimTypeRequired><!--Following are the claims offered by STS 'http://login.company.com/adfs/services/trust'. 
Add or uncomment claims that you require by your application and then update the federation metadata of this application.--><claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" /><claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" /><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />--><claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" /><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" 
optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" 
optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" optional="true" />--><!--<claimType 
type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" optional="true" />--><!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/claims/authnmethodsreferences" optional="true" />--><!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" optional="true" />--></claimTypeRequired></applicationService><certificateValidation certificateValidationMode="None" /><federatedAuthentication><wsFederation passiveRedirectEnabled="true" issuer="https://login.company.com/adfs/ls/" realm="https://webmail.company.com/owa/" requireHttps="true" /><cookieHandler requireSsl="true" path="/" /></federatedAuthentication><issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"><trustedIssuers><add thumbprint="5AB73BD59404270968C35A041354D8D25BFA84FC" 
name="http://login.company.com/adfs/services/trust" /></trustedIssuers></issuerNameRegistry></service></microsoft.identityModel></configuration>
Below is the original web.config which I have reverted to and everything works fine (without ADFS)
<?xml version="1.0" encoding="UTF-8"?><configuration><system.webServer><httpRedirect enabled="false" /></system.webServer></configuration>
I'm hoping it's something simple, but right now I'm completely stumped... Does anybody have any ideas?
Cheers,
Damian
Every time I start Outlook 2013, my rules in OWA get re-ordered: Rules that only appear in OWA move to the bottom
Some of my rules only appear in OWA (in Outlook it says "There are rules created with a different version of Outlook or Outlook Web Access that are not shown").
That's OK since I don't want to manage my rules from Outlook at all- I prefer OWA for that so that my rules will be applied even if I use some other mobile client.
The problem is that every time I start Outlook, it re-orders my rules so that the rules only OWA knows, move to the bottom of the list (as seen in OWA).
My rules depend on the order...
How do I get this mess fixed?
Thanks,
Yair