Archive for July, 2007

Exchange 2007 Certificate Errors

Tuesday, July 31st, 2007

I received several certificate errors when attempting to connect Outlook to Exchange 2007. This is because Outlook 2007 and Exchange 2007 encrypt all communications between themselves. The solution was to create a new certificate (using Exchange PowerShell) for the intranet. The relevant Microsoft article can be found here:

http://technet.microsoft.com/en-us/library/aa995942.aspx

**This article says to use the same cert for IIS; however, to use a third-party cert (i.e. from Thawte), don’t include IIS when assigning the certificate to services. If you do (as I originally did), use the following command:

Get-ExchangeCertificate -DomainName "<Exchange-Server-Name>"

to get the thumbprint of the third party certificate and then use the command:

Enable-ExchangeCertificate -thumbprint <certificate-thumbprint> -services “IIS,SMTP”

to assign it to IIS and SMTP (see below).

I was then noticing some issues with Outlook Anywhere and found the following in the event log:

Product:
Exchange

ID:
12014

Source:
MSExchangeTransport

Version:
8.0

Symbolic Name:
CannotLoadSTARTTLSCertificateFromStore

Message:
Microsoft Exchange couldn’t find a certificate that contains the domain name %1 in the personal store on the local computer. Therefore, it is unable support the STARTTLS SMTP verb for the connector %2 with a FQDN parameter of %1 (if connector’s FQDN is not specified, the machine’s FQDN is used). Verify that connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that connector FQDN. If this certificate exists, run Enable-ExchangeCertificate –services SMTP to ensure transport service has access to its key.

Explanation

This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:

  • The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
  • A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service.

To fix this, I simply ran the command referenced above (Enable-ExchangeCertificate…) to assign the Thawte cert to the SMTP service.
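
One way to check both conditions from the Explanation at once, as an added example (not part of the original post or of Microsoft's article): for each connector, look for a certificate that carries the connector's FQDN and is enabled for SMTP. It assumes the Exchange Management Shell on the transport server and compares names exactly, without expanding wildcard entries.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on the transport server that logged event 12014. Read-only: it changes nothing.

# A connector with no FQDN set falls back to the machine's FQDN (per the event text).
$machineFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

$connectors = @(Get-ReceiveConnector -Server $env:COMPUTERNAME) + @(Get-SendConnector)
$certs      = @(Get-ExchangeCertificate)

foreach ($connector in $connectors) {
    $fqdn = $machineFqdn
    if ($connector.Fqdn) { $fqdn = $connector.Fqdn.ToString() }

    # Certificates whose Subject / Subject Alternative Name list contains the FQDN.
    # Assumption: exact-name comparison only; wildcard entries are not expanded.
    $matching = @($certs | Where-Object {
        @($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn
    })

    # Of those, the ones usable for STARTTLS: SMTP enabled, private key present, not expired.
    $usable = @($matching | Where-Object {
        $_.Services.ToString() -match 'SMTP' -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
    })

    if ($usable.Count -gt 0) {
        $status = 'OK'
    } elseif ($matching.Count -gt 0) {
        # Second condition in the Explanation: a matching cert exists but SMTP cannot use it.
        $thumbs = [string]::Join(', ', @($matching | ForEach-Object { $_.Thumbprint }))
        $status = 'Matching certificate not usable for SMTP: ' + $thumbs
    } else {
        # First condition: no installed certificate carries this FQDN.
        $status = 'No certificate contains this FQDN'
    }

    '{0,-40} {1,-35} {2}' -f $connector.Name, $fqdn, $status
}
```

A thumbprint reported on a "not usable" line is the value to pass to the Enable-ExchangeCertificate command shown earlier, provided the certificate is still valid and has its private key.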

Migrated Mailbox from Exchange 2003 to Exchange 2007 Prevents User from Logon to Outlook Web Access 2007 (OWA) Post Mailbox Move.

Tuesday, July 31st, 2007

Link to full PDF
“If your Exchange 2007 Outlook Web Access (OWA) is failing for a user after the mailbox is
migrated from Exchange 2003 to Exchange 2007, the user account should be checked on the
Security tab under Advanced to see if it has “Allow inheritable permissions from the parent to
propagate to this object and all child objects.”

So how does this get turned off? Well, if the account is an administrative account or was ever an
administrative account previously, it will be turned off automatically. Reference the following:”

XADM: Do Not Assign Mailboxes to Administrative Accounts
http://support.microsoft.com/kb/328753

From Article ID: 328753
“To help guard against such security issues, the Administrator account and accounts that are
members of these security groups are not permitted to inherit permissions. On the Security tab of
the group or account’s properties page, you can see that the Allow inheritable permissions from
parent to propagate to this object check box is not selected. Moreover, if you click to select this
check box, a Microsoft Windows 2000 system task soon clears it automatically. Clearing the
check box is a function of Windows 2000 intended to prevent hackers from playing with security
and inappropriately increasing their permissions to the level of administrator.”
While the article applies to Windows 2000, a similar thing occurs in Windows 2003.

-Credit to Forrest McDuffie of Pointbridge Consulting
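
A way to find affected accounts in bulk, as an added example (not from the original post or the quoted PDF): it lists mailbox-enabled users whose security descriptor no longer inherits from the parent, using ADSI from PowerShell. The homeMDB filter and the adminCount column are assumptions not mentioned on the page: homeMDB selects accounts that have a mailbox, and adminCount=1 is the marker Active Directory leaves on accounts covered by this protection.

```powershell
# Added example: report mailbox-enabled users with ACL inheritance switched off.
# Read-only; run as a domain user on a domain-joined machine.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'
$searcher.PageSize = 500          # page through large directories
foreach ($attr in 'sAMAccountName', 'adminCount') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$results = $searcher.FindAll()
foreach ($result in $results) {
    $entry = $result.GetDirectoryEntry()

    # True when "Allow inheritable permissions from the parent..." is cleared.
    $protected = $entry.psbase.ObjectSecurity.AreAccessRulesProtected
    if (-not $protected) { continue }

    # adminCount is absent on accounts that were never in a protected group.
    $adminCount = '(not set)'
    if ($result.Properties.Contains('admincount')) {
        $adminCount = $result.Properties['admincount'][0]
    }

    $name = $result.Properties['samaccountname'][0]
    '{0,-25} adminCount={1,-10} {2}' -f $name, $adminCount, $result.Path
}
$results.Dispose()
```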

List of ISP SMTP Servers

Thursday, July 26th, 2007

Here is a good list of the SMTP servers for a variety of ISPs.

Adelphia mail.adelphia.net
America Online (AOL) smtp.aol.com
Atlantic Broadband smtp.atlanticbb.net
AT&T (Broadband) mail.attbi.com
AT&T (Dialup) smtp1.attglobal.net
AT&T Worldnet mailhost.worldnet.att.net or imailhost.worldnet.att.net
BCPL mail.bcpl.net
Bellatlantic gtei.bellatlantic.net or smtpout.verizon.net
Bellatlantic.net smtpout.bellatlantic.net
Bellsouth mail.bellsouth.net
Bestweb smtp.bestweb.net
BEV smtp.bev.net
Blacksburg smtp.blacksburg.net
Blazenet smtp.blazenet.net
Cable One mail.cableone.net
CAIS smtp.cais.net
CAPU smtp.capu.net
Charm.net smtp.charm.net
Charter Communications smtp.charter.net
Citizen’s Internet smtp.swva.net
Comcast smtp.comcast.net
Compuserve smtp.compuserve.com or smtp.site1.csi.com
Concentric.net smtp.concentric.net
Covad smtp.covad.net
Cox West smtp.west.cox.net (west coast users)
Cox Central smtp.central.cox.net (central users)
Cox East smtp.east.cox.net (east coast users)
Cox Business smarthost.coxmail.com
Crosslink smtp.crosslink.net
DCANET smtp-relay.dca.net
Delmarva Online mail-gw.dmv.com
Delta Net smtp.deltanet.com
Direcway smtp.direcway.com
DSL Extreme smtp.dslextreme.com
Earthlink Network mail.earthlink.net or smtp.earthlink.net
Earthlink Network (International only) ismtp.earthlink.net
Edge.net mail.edge.net
Enter smtp.enter.net
EROLS mail.erols.com
Ezy smtp.ezy.net
Flashcom mail.flashcom.net or smtp.flashcom.net
Frontline.net smtp.fcc.net
Full Channel smtp.fullchannel.net
Gateway.net smtp.Gateway.net
GTI mail.gti.net
HotMail mail.hotmail.com
IBM.Global net smtp1.ibm.net
ioNet Inc mail.ionet.net
Integra smtp.integra.net
Interaccess.com smtp.interaccess.com
Internet America mail.airmail.net
Internet Highway smtp.ihwy.com
ITOL mail.itol.com
Juno smtp.juno.com
Mediacom mail.mchsi.com
Mediaone.net smtp.ce.medione.net
MegaPath mail.megapathdsl.net
MCI mailrelay.mciworldcom.net or mailrelay.internetmci.com
Mindspring smtp.mindspring.com
MSN smtp.email.msn.com
Nauticom mail.nauticom.net
Netcom smtp.ix.netcom.com
Netcom (Canada) smtp.netcom.ca
Netscape smtp.isp.netscape.com
NetZero smtp.netzero.net
NYU.edu smtp.nyu.edu
OLG.com mail.olg.com
Omega Communications smtp.i-plus.net
OPTOnline Internet Service mail.optonline.net
Pacbell mail.pacbell.net
Patriot Media smtp.patmedia.net
PeoplePC Online mail.peoplepc.com
Pipeline smtp.pipeline.com
Prodigy smtp.prodigy.net
PSI.net relay.smtp.psi.net
PTD.net promail.ptd.net port 25
QIS mail.qis.net
Qwest Internet Service pop.dnvr.qwest.net
RCN smtp.rcn.com
Rider.edu enigma.rider.edu
RoadRunner smtp-server..rr.com
SBC Global smtp.sbcglobal.net
SBC Global Yahoo smtp.sbcglobal.yahoo.com
Smallville Communications mail.toto.net
SNiP mail.snip.net
Spectrum DSL mail.webstable.com
SprintLink smtp.a001.sprintmail.com
Sprynet m6.sprynet.com
Starpower smtp.starpower.net
Sympatico mailhost.sk.sympatico.ca
UMBC smtp.gl.umbc.edu
USA.NET mail.netaddress.usa.net
US Internet smtp.usit.net
UUNet mail.uu.net
Verizon Internet Services outgoing.verizon.net or smtpout.verizon.net
Wide Open West smtp.mail.wideopenwest.com
XO Communications mail.njd.xo.com or smtp.concentric.net
Yahoo smtp.mail.yahoo.com
Ziplink smtp.ziplink.net

Manual Uninstaller for Symantec/Norton products

Wednesday, July 25th, 2007

Link

How to tell if you have Exchange 2003 Enterprise or Standard

Monday, July 23rd, 2007

1) Application Log - Use the Event Viewer on the Exchange server and analyze the Application Log. If event ID 1216 is reported when the Information Store comes online, then you have Standard. If 1217 is reported, then you have Enterprise.

2) System Manager - In Exchange System Manager, tree down to the “Servers” folder and click the folder itself so your servers appear in the right pane. This view should show 2 columns including an “Edition” column. This was originally found here, where there is a screenshot.

Shrinking the SBSmonitoring database

Friday, July 20th, 2007

http://msmvps.com/blogs/bradley/archive/2006/05/25/97044.aspx

First the caveat.. the SBSmonitoring database shouldn’t be that big.. if it is …. your monitoring program isn’t running properly and purging the database as it should so rerunning the monitoring wizard is probably the best plan of action… but if you need to clean up that monitoring file… here’s some info from the newsgroups…

1>	We can simply rerun the Monitoring wizard to purge the
SBSmonitoring.mdf database.

NOTE: After doing the following steps, the original performance and usage
data will be removed. The server will start to collect new counter value
from the beginning.

1. Open Server Management console, navigate to ‘Monitoring and Reporting’
snap-in. In the right panel, click ‘Set Up Monitoring Reports and Alerts’.

2. In the wizard, click ‘Next’->Select ‘Reinstall monitoring
features’->Select the options if you want to receive the report e-mails.
Check ‘View the usage report in Server Management’ option. If you want to
receive the usage report e-mail, also check the option below->Add the users
whom you allow to view the usage report to the authorized
list->Select the option if you want to receive the performance
alerts->Click ‘Finish’ button to complete the configurations.

3. After doing the above steps, the performance and usage data will be
reset. Please wait for 24 hours and then you will see the reports through
the Monitoring and Reporting console.

2>	If you are using SBS Premium and have SQL server installed:

You can use the SQL Client Utilities to try and shrink the database. In
SBS, there is a job SBS_Database_Cleanup that is scheduled to run at 3:00
AM everyday, to delete over 90 day old information from the monitoring
database.

You can manually run the SBS_Database_Cleanup job, and use DBCC
SHRINKDATABASE, DBCC SHRINKFILE or use Enterprise Manager
to reduce the size of the database.

3>	If you are running SBS Standard:

You need to use osql to connect to the WMSDE instance, and use Transact-SQL
commands manually to request the database be shrunk ("dbcc shrinkdatabase(
SBSMonitoring, <% free space target>)").

4>	If you need more space on your C drive, I would also suggest moving
available data from your C drive to other partition on your Server. The
following white paper demonstrates this scenario in detail.

Please refer to Step 5: Move the Monitoring Database in the following white
paper.
Moving Data Folders for Windows Small Business Server 2003
http://www.microsoft.com/technet/prodtechnol/sbs/2003/maintain/movedata.mspx

Default admin access password list for all makes and models of networking hardware

Sunday, July 8th, 2007

http://www.phenoelit.de/dpl/dpl.html

Set Database Size Limit More Than 18GBs

Monday, July 2nd, 2007

Add a DWORD value named “Database Size Limit in GB” and set it to the number of gigabytes (in decimal) under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Servername>\Private-GUID

*Note (Added by Tracy) - The information store must be dismounted/mounted or the Information Store service must be restarted for this to take effect.