Skip navigation

Category Archives: Exchange

I’ve seen so many people attempt to restore Exchange and fail using Microsofts built in tools, or come unstuck because they want to restore a single mailbox, that I thought I’d document the free method of backing up Exchange that we use, so that it will hopefully help others.

One of the tools available from Microsoft free is Exmerge.  It allows individual mailboxes to be individually exported to PST files, which can then either be re-imported back into Exchange or simply opened in Outlook.  Exmerge is available from

Extract and save to the Exchsrv/bin directory, and when the appropriate mailboxes have been selected, destinations set save the configuration.  This will create an exmerge.ini file.

This can then be scripted in a batch file and run as a scheduled task.  I create a folder on the local disk of the Exchange server (although this can be done to a mapped drive) for each day I want the backup to run.

My exmon.bat file reads:

D:\exchsrvrbinexmerge.exe -F C:\scriptsexmonexmerge.ini -B

Which runs the exmerge.exe, with the options specified in scriptsexmonexmerge.ini and runs the script as a batch job using the -B switch.

To clean the folder prior to running, I have a separate batch file that runs earlier on the same day that runs

del /F /Q /S z:\Exchangeexmon*.*

Subsequently to back up the PST files to a separate server I use the excellent BackupPC running on a Debian server.  Installation instructions for Debian are here:

The BackupPC box is confugured to access the SMB share that the PST’s are stored in, as well as additional file shares on the server.  BackupPC supports incremental backups and backups via a variety of methods (including SSH and rsync, as well as SMB).

It’s also possible to archive off historic backups for off-site using the archive functions within BackupPC.  As a free solution for backing up mailboxes and beiong able to recover easily (with version control) this is very effective…

Following a reboot of our Exchange 2003 server, the Pop3 service stated it was started, but on trying to connect to port 110 using telnet it just popped up “connection to the host lost”.  When we attempted to restart the service it hung when starting – there were no events in the event viewer following the stopping of the service.

The solution was to kill the process in Task Manager (inetinfo.exe).  We found it immediately re-spawned and worked…

Outlook web access does not allow the inclusion of images by default. However it is possible to embed the image within the signature.

First upload the image you wish to include to a web server and make a note of the full path. ie,

Then create a new signature in Outlook and ensure the path of the image on the signature points to your webserver. You can find the raw signature files in “C:documents and settingsusername.domainapplication datamicrosoftsignatures” on Office 2007/XP.

You can then edit the raw signature in Notepad.This is an ideal opportunity to tidy up the messy html created by Outlook when designing the signature in the first place. Find the image src and edit to point to the full path of the hosted image

Send an email with the signature embedded to the users email address and open the email within OWA (in IE). Copy the signature then go into Options -> Email Signatures and paste in the signature.

By default, Microsoft exchange uses the username when creating email addresses for users using Recipient Policy.


However, in many cases the standardised email address format is slightly different – for example:

This is actually really easy to edit in the Exchange System Manager using a few variables:

%g  = Given Name (First name).
%3g = means first 3 letters of Given Name
%s  = Surname (Last name).
%3s = means first 3 letters of sn.
%d  = displayname.
%m  = Exchange alias.

Once this has been edited, just right click on the Policy and click Update this Policy now.

I keep on finding and losing bookmarks of good base64 encoding and decoding sites, so thought I’d link to one here:

Useful when trying to test SMTP-Auth on a mailserver and needing to encode usernames and passwords!


We’re just trialling the Blackberry Professional software here, but with a change of heart as to the test user attempted to delete the user to re-add another.  Unfortunately although the Blackberry Professional Software allows you to delete users, it didn’t successfully purge the user from the database.  This meant that we couldn’t add an alternative user (the software comes with 1 user licence to trial with).

The solution is to manually remove the user from the database.  This can be done using the OSQL command line utility.

1>use BESMgmt
2>select DisplayName from UserConfig

This will show the DisplayName of the user.  For the sake of this document, we’ll call the user “testuser”.

To delete the user, then enter:

1>use BESMgmt
2>delete from UserConfig where DisplayName=“testuser”


That should remove the user.  On checking within the Blackberry Professional software there is now no longer a user, releasing the licence.


Bit of an awkward fix, unfortunately, as this involves having access to a Windows/Outlook setup, but to add a Public folder that exists on Exchange, it needs to be bookmarked as a favourite for Evolution to pick it up.

For example, we use a public folder for shared (company-wide) contacts here.  To add the folder I just log onto my account on a Windows machine, then added that public folder as a favourite.

After logging out of evolution and back in, I could then see these “public” contacts under the contact folder (CTRL+2).

This error occurs when trying to view Public Folders in the Exchange System manager when he SSL certificate name differs between the FQDN and the local server name.  The Exchange System Manager will not allow you to view the public folders as it believes the folder name to be incorrect.

This can be resolved using a front-end, back-end scenario, but what if you are stuck with a single Exchange server (ie. SBS) in your environment?

On following a few blogs and sites, the solution seems to be to remove SSL requirement for that particular folder in the IIS Manager.  This didn’t work for me though – and I found a lot of people out there with unresoved issues on Experts Exchange etc.

The end solution was to use the ADSIEdit utility to manually stop the Exchange System Manager from using SSL.

The steps are as follows:

1) Install the ADSIEdit Utility (one of the Windows Server 2003 Support tools) from your SBS2003 CD (CD2) using suptools.msi

2) Run a Microsoft Management console (Start->Run->MMC)

3) Open the ADSIedit.msc (browse to the Support Tools folder)

4) Browse through to

Configuration > Services >  Microsoft Exchange > Domain Name > Administrative Groups >     First Administrative Group > Servers > Servername > Protocols > HTTP > 1 > Exadmin

5) Right click msExchSecureBindings, and click Properties

6) Highlight :443: and click Remove

7) Click OK

8) Restart the Exchange System Attendant and the IIS Admin service

Exchange system manager will now no longer try to use SSL when connecting to the service.

Working for a number of clients, it’s surprising how many people assume that an email sent is secure by default.  The number of people (including e-commerce providers) who feel comfortable sending (and requesting) credit card information via email is quite shocking…

It’s worth clarifying that sending an email is the digital equivalent of sending a postcard….anyone, on any number of the hops between the sender and the recipient, could read the contents of that email with relative ease, in the same way that if you sent a postcard, anyone en route between the sender and the recipient who handles that card could read the contents.  Worse yet, there are methods of spoofing (pretending to be) the recipient mail server – causing all emails that are destined for the recipient to be captured then forwarded on without the recipient even knowing that this has happened….

There are methods of securing email, however – one of these is worth noting as a free solution – GNUPG and it is worth considering if you need to send any information that you feel is sensitive.  GNUPG can be used for digital signing of emails (proving that the email is really from you) and also for the encryption of emails using a private key pair.

There are resources on the use of GNUPG on the site, and it can be used on a variety of platforms (Windows, Linux, Mac) etc.

Thanks go to Simon Butler for this (aka. Sembee on Experts-Exchange or  His resources on this helped me iron out the problems and get this working beautifully!

I’d struggled getting RPC/HTTPS working for ages using a self -signed certificate, and while it’s still recommended using a purchased certificate, I needed to get a particular user working extremely quickly – within about 4 hours.  Waiting for appropriate DNS to propogate to get the cert approved wasn’t an option so the existing self signed cert I used for OWA was the only option…


First things first, the certificate needed to be installed in the Root Certification Authorities store on the client machine.  Note that adding the cert to the default store WILL NOT work.

Then create split DNS by adding the corresponding external DNS zone to your internal DNS server, and a host record for the SBS server.  Remember, if your external web site is hosted externally you need to ensure that there is an A record that points to the web servers IP address.

Next, a couple of Registry keys needed to be added (I would have never have sussed this if it wasn’t for the resources on Amset!). A reg key needs to be created on the SBS server as follows:

Windows Registry Editor Version 5.00
“NSPI Interface protocol sequences”=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00, 68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00

Copy and paste the above into notepad and save with a .reg extension, then run.  This will create a key that looks like:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParameters Type REG_MULTI_SZ Name: NSPI Interface protocol sequences Value: ncacn_http:6004

Next on the Exchange server (this will be the same machine if using SBS) a different registry key needs to be created:


Windows Registry Editor Version 5.00
“ValidPorts”=”server:100-5000; server:6001-6002; server:6004;server.domain.local:6001-6002; server.domain.local:6004;;;”

Save as a .reg file and run.

Then simply configure Outlook to use RPC over HTTPS and specify the FQDN of the server.  You can test the connection by holding CTRL and right-clicking the Outlook icon, then looking at the Connection Status in the taskbar.  If it is trying to resolve the external FQDN of the server then Outlook is configured correctly. Then just ensure that port 443 on your firewall is forwarded to the SBS server….

….sorted 🙂