Wednesday, February 9, 2011

Outlook 2003 Free/Busy issues in Exchange 2010 environmet

Hello everyone,

below is an extract from a great article

Public Folders, Offline Address Book and Free/Busy

Outlook 2003 uses the Public Folders free/busy messages to determine availability in the Calendar and as the source for Offline Address Book synchronization. If Public Folders are not configured during Exchange Server 2010 setup, Offline Address Book and Free/Busy will not be available to Outlook 2003 users. These users will encounter connection errors.
If free/busy Public Folders folder is not replicated to Exchange Server 2010, users will encounter the following:
Users who use Outlook 2003 cannot publish their free/busy data in Exchange Server 2010 or in Exchange Server 2007
If clients inside the organization or connected via VPN/RAS, and the organization uses a Proxy server, the Client Access Server should be listed in the "Bypass proxy server for local addresses" configuration.
Error message when Outlook synchronizes an offline address book with Exchange Server 2007 and Exchange Server 2010: "0x8004010F"
Also, if there are missing address book list objects or missing or incorrect address lists, the following may occur:
An error occurs when you try to synchronize the offline address list on an Exchange Server server while you are using Outlook 2003: "0x8004010F"

Opening Additional Mailboxes

Delegate Access issues, opening other user's folders or mailboxes are a common operation in the enterprise. Outlook 2003 users may encounter issues, if the environment is not properly prepared for their use:
Office Outlook 2003 does not connect to two or more additional mailboxes in a mixed Exchange Server 2007 and Exchange Server 2010 environment
An error occurs when an Exchange server 2003 user tries to open more than one delegate mailboxes of Exchange Server 2010 in Outlook 2003


How to request a new certificate manually with certreq.exe tool ussing a INF file and a SAN

Once a time I was really lost regarding how to get a new cert request from command line and I've found  this command ....this is useful for Windows 2003 Server and Windows 2008 Server.

1.Open a notepad and save as policy.inf and copy the below lines:

Policy.INF file

Signature= "$Windows NT$"
Subject= "CN;OU=MyCompany IT;O=My Company Inc;L=Saavedra;S=CABA;C=AR"
KeySpec = 1 
KeyLength = 1024  
Exportable = TRUE
MachineKeySet = TRUE
PrivateKeyArchive = FALSE
UserProtected = FALSE   
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA Schannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10 
KeyUsage = 0xa0   

2. From command line and with Local Administrator permissions, type:

certreq -new Policy.inf c:\certs\server1New.txt
3. Submit the request file to the Certificate Authority (CA) and have the CA generate the certificate

4.After receiving the certificate , accept it
certreq -accept c:\certs\cert.cer
 This will install the certificate in your certificate personal folder..

Further information be free to contact me at


How to install a Certificate in Exchange 2007 CAS Server

Gooood night for all...
A commercial certificate is only needed if the Client Access server will service client requests from the Internet or to facilitate un-trusted cross-forest communication between Client Access servers.

1.Connect to the server via Remote Desktop and log on with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).

For more information about using the certificate tasks, see the Exchange 2007 Online Help topic Creating a Certificate or Certificate Request for TLS .
If generating a certificate that will use Subject Alternative Names, be sure that the certificate’s principal name will be the one that the clients (for example, Outlook) will use to connect (for example, In other words, do not list the Autodiscover namespace as the principal name in the certificate.

2. Generate the certificate request by using the following Exchange Management Shell command. The DomainName parameter includes the principal URL, Autodiscover FQDN, and the server FQDN. The FriendlyName parameter matches the principal URL that is used by Outlook Web Access and Outlook Anywhere.

New-ExchangeCertificate -GenerateRequest -SubjectName “c=US,o=MyCompany,cn=<Primary Namespace>” -DomainName =<Primary Namespace>, <Secondary Namespace(s)>, <ServerName>, <ServerName>, <Location Code> -FriendlyName <Primary Regional Namespace> -privatekeyexportable:$true -path c:\cert.txt

An example of [Full Subject Path] is "c=US, o=Company,".

Note: In Windows Vista, the Windows RPC/HTTP client-side component required that the Subject Name (Common Name) on the certificate match the “Certificate Principal Name” configured for the Outlook Anywhere connection in the Outlook profile. This behavior was changed in Windows Vista Service Pack 1 (SP1). Therefore, as a best practice, make sure that the Subject Name (Common Name) on the certificate match the “Certificate Principal Name” configured for the Outlook Anywhere connection. 

3. Submit the request file to the Certificate Authority (CA) and have the CA generate the certificate.
4. After receiving the certificate, import and enable the certificate by running the following Exchange Management Shell command where [services] can be POP, IMAP, IIS, or a combination:

Import-ExchangeCertificate -path c:\newcert.cer | Enable-ExchangeCertificate -services "IIS,IMAP,SMTP"
5. You will prompted to “Confirm; Overwrite existing default SMTP certificate”. Respond “L” for “No to all”

6. Require SSL on the default Web site, do the following:
  1.  Open Internet Information Services (IIS) Manager.
  2. Expand the Server Node object and the Sites node.
  3. Click the Default Web Site.
  4. In the middle pane, double-click SSL Settings.
  5. Verify Require secure channel (SSL) is enabled.
If you require 128-bit encryption, also verify that Require 128-bit encryption is enabled.