Password Reset Tool and TMG

In Exchange Server 2010 SP1 there’s the password reset tool, a tool you can use when a user’s password has expired, or when the administrator has reset a password and checked the user must change password at next logon option.

The password reset tool can be set with a registry key:

  1. Login to the CAS Server;
  2. Open the Registry Editor and navigate to HLKM\SYSTEM\CurrentControlSet\services\MSExchange OWA
  3. Create a new DWORD (32-bits) and name it ChangeExpiredPasswordEnabled
  4. Give this DWORD a value 1
  5. Restart the Internet Information Server using IISRESET

When you logon to the Client Access Server (with Forms Based Authentication) after a password reset the following form is presented:

image

Using the password reset tool from the Internet when published using TMG2010 is a different story. By default this is not working so some changes have to be made to the TMG’s web listener. Logon to the TMG Server and select the appropriate web listener. Select the Forms tab and check the Use customized HTML forms instead of the default. The custom HTML form set directory must be set to forms, this is the directory on the CAS server where forms are stored. Also check the Allow users to change their passwords option.

image

Now when a user’s password is reset with the user must change password at next logon option the password can be changed via TMG.

Exchange /hosting discontinued

Everybody that has hosted Exchange 2010 running using the /hosting switch knows it is a real painful experience. It is difficult to implement, it is difficult to maintain and there quite a lot of functionality missing like UM, Public Folders, the Exchange Management Console and integration with other products like Lync Server 2010 or Sharepoint Server 2010.

There has been a lot of complaints from hosters about this situation at Microsoft and Microsoft had to make a painful decision: Microsoft will no longer invest in the /hosting version of Exchange Server 2010 and it will be discontinued in the next version of Exchange Server (code name Exchange 15).

Continue reading Exchange /hosting discontinued

Error 600 Invalid Request

It is possible to test the autodiscover configuration using a browser. But when navigating to the autodiscover URL https://autodiscover.contoso.com/autodiscover/autodiscover.xml you’ll see a 600 Invalid Request error message.

image

When you click the Show All content button the entire XML package is shown:

image

When you see this message your autodiscover configuration is absolutely fine! The reason you see this message is that the autodiscover service expects an HTTP POST command from Outlook, and not an HTTP GET command from Internet Explorer.

So, the service is good but the actual request that’s send to the autodiscover service is not good and therefore autodiscover returns the Error 600 Invalid Request message. So this error is good 🙂

File Share Witness (FSW) on non-Exchange Server

Microsoft is shifting focus on Load Balancing solutions. During TechEd 2010 in Berlin it was announced that Windows Network Load Balancing (NLB) is no longer recommended (but still supported) and that the recommendation will be to use a hardware load balancer.

Another new recommendation is to use combined Exchange server with all three Server Roles, i.e. Hub Transport, Client Access and Mailbox Server Role when possible.

When using a Database Availability Group (DAG) you have to use a server outside the DAG as a File Share Witness (FSW). Normally an Exchange 2010 Hub Transport Server is recommended for FSW usage, but when using a two node DAG each with three Server roles an additional Hub Transport Server might not be available.

Continue reading File Share Witness (FSW) on non-Exchange Server

Exchange 2010 Hosting mode revisited

I already blogged earlier about the multi-tenant hosting possibilities in Exchange 2010 SP1 when using the /hosting switch during installation. This provides a true multi-tenant Exchange 2010 environment but lacks quite an amount of functionality, like Public Folders, the Unified Messaging Role, Lync Server 2010 multi-tenant integration (although an update on this is expected later this year) and provisioning difficulties. You can read my two earliers blog post on Exchange 2010 hoster edition and Exchange 2010 SP1 hosting & Control Panel. Although it is doable, it is difficult at the same time.

With the upcoming Service Pack 2 for Exchange 2010 there’s nothing new with respect to the Hoster Edition, but for a normal installation (also referred to as on-premises installation) a new feature called Address Book Policies (ABP) will be presented. The new ABP feature is the successor of the Exchange 2007 Address List Segregation (which is not supported in Exchange 2010 since it might horribly break Exchange 2010). This makes it easier for non hosting customers to implement multiple address lists without using the /hosting switch (please remember you need to be a registered hoster to officially use the hoster edition of Exchange 2010 SP1).

Continue reading Exchange 2010 Hosting mode revisited

Microsoft UC Specialist