Thawte now is conforming to the new 2048 bit standard for their SSL certificates, which will require you to install two intermediate certificates on your server before they work and is validated. Below are the links to the articles and intermediate certificates. Download both certificates and import them into the “Intermediate Certificate Authority” in the Certificates MMC.

Thawte Intermediate and Cross Root CAs - link

Primary and Secondary Intermediate CAs - link

Great table on the features of ActiveSync and what each client (device) can do, - Wikipedia

Trying to backup Exchange 2010 and purge transaction logs using the built-in Windows Server Backup app (Windows 2008).

- Backup completes but with warnings and log files won’t purge

-Found that the backup will run successful only if database files and the transaction log files on the same volume

Moved the transaction logs files via the EMC to the save volume as the databases and got past the consistency check failure issue, and got a good backup w/flushed logs.

There is an issue with installing SP2 for Exchange 2007 on SBS 2008, Microsoft has released a tool to get passed the errors - link. You need to download and extract Exchange 2007 SP2 - link, run the install tool. It will ask for the directory of SP2, and then you install SP2 normally.

Here are more details of the issue on MSExchange.org

A client wanted to setup a rule to send an automatic reply to an email address that wasn’t being used any longer. The solution was to create an Outlook rule (server-side) that would reply to the message using a specific message and forward the message to another recipient. First create a new user and email address that you want to autoreply.

Outlook:

Create a rule to have Exchange Server send an automatic reply

1. On the Tools menu, click Rules Wizard.
2. In the Apply changes to this folder list, click the Inbox you want to create the rule for.
3. Click New.
4. Click Start from a blank rule.
5. Click Check messages when they arrive, and then click Next.
6. In the Which condition(s) do you want to check list, select the From people or distribution list check box.
7. In the Rule description list, click the underlined phrase, people or distribution list.
8. In the Type name or select from list box, type the name of each person you want to receive the custom reply, and click From after you type each name.
9. Click OK, and then click Next.
10. In the What do you want to do with the message list, select the Have server reply using a specific message check box.
11. In the Rule description list, click the underlined phrase, a specific message.
12. In the subject line and message body, type whatever information you’d like to appear in your custom reply.
13. Click Close, and when prompted to save changes, click Yes.
14. Click Next, and select the check box next to any exception that you want.
15. Click Next, and in the Please specify a name for this rule box, type a name for the rule.
16. Click Finish, and then click OK.

By default, Exchange won’t send automatic replies, here is how to do it.

Exchange 2007

1. Open Exchange Management Console
2. Expand Organization Configuration-> Hub Transport
3. In the right pane select the Remote Domains tab
4. Right click Default and choose Properties
5. On the General tab you can set which type of Out of Office Messages you will allow
   On the tab named “Format of original message sent as attachment to journal report:” you can enable or disable the automatic replying/forwarding

We also went on the old mailbox (that we are autoreplying from) and modified the deliver options (mail flow settings tab) to forward email to another mailbox. This will let send reply emails only to the old email address with the custom autoreply, but anyone who sends to the new email address won’t be bothered by the autoreply. You can also hide the mailbox so it doesn’t show up in the GAL too.

Link to other versions of Exchange too

You run into issues installing Exchange 2007 SP2 on SBS 2008 until you add the following key and DWORD to the registry.

To create the E12SP2READY registry value, follow these steps:

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Exchange

   Note If the Exchange subkey does not exist, you must create it. To do this, follow these steps:

   1. Right-click SmallBusinessServer, point to New on the Edit menu, and then click Key.
   2. Type Exchange and then press ENTER.
3. After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD Value.
4. Type E12SP2READY, and then press ENTER.
5. Right-click E12SP2READY, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. On the File menu, click Exit to exit Registry Editor.

Full article at Microsoft - http://support.microsoft.com/kb/973862

There are additional steps to get Exchange 2007 SP2 installed on SBS 2008, below are the steps to complete from Microsoft Support

http://support.microsoft.com/default.aspx?scid=kb;EN-US;973862

How to update the GAL manually

Update-GlobalAddressList -Identity <GlobalAddressListIdParameter> -DomainController

For most it would be Update-GlobalAddressList -Identity “Default Global Address List”

How to check the logging in Exchange 2007

get-EventLogLevel

See which certificates Exchange 2007 are using

Get-ExchangeCertificate

Get-ExchangeCertificate |fl  (for more information)

Enable Exchange services for certificate

Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9

See what URL the CAS server has for autodiscover

Get-ClientAccessServer -Identity CASServer | FL

Change the autodiscover URL

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.yourdomain.com/Autodiscover/Autodiscover.xml

Configure all the InternalURLs for each web distributed service

Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://mail.yourdomain.com/OAB

Enable-OutlookAnywhere -Server CASServer -ExternalHostname “mail.yourdomain.com” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalURL https://mail.yourserver.com/Microsoft-Server-Activesync

Find out your inbound/outbound message limits

get-transportconfig

You may have trouble sending mail to certain domains while using Exchange Server 2007 on Windows Server 2008. The Queue Viewer displays the following status error for the domain in question:

“451 4.4.0 primary target IP address responded with “421.4.4.2 unable to connect.”attempted failover to alternate host, but that did not succeed.Either there are no alternate hosts, or delivery failed to all alternate hosts.”

This problem occurs because routers do not support the TCP autotuning settings in Windows Server 2008.

To disable autotuning, follow these steps:

Run CMD as Administrator

At the command prompt, type the following command, and then press ENTER:

netsh interface tcp set global autotuninglevel=disabled

This command disables the Receive Window Auto-Tuning feature.

Exit the Command Prompt window.

Restart the computer.

In the situation I came across, Outlook 2007 clients were constantly prompting for a password eventhough the users were on the LAN, members of the domain, and logged in to the PC with domain credentials.  While I found several potential causes, the solution ended up being an SSL setting in IIS on the mail server. 

The solution was to allow client certificates on the virtual directory for Exchange Autodiscover.  It turns out the clients were attempting to use the Autodiscover service with Exchange 2007 to detect settings and the website wasn’t accepting their client certificate.  The client certificates are apparently used for encryption between the client and the server.  Disabling the checkbox to enable that type of communication may also have been a solution, but this is a better one because it maintains the security of an encrypted channel.  Here are the instructions:

1. Using IIS6 - Click Here
2. Using IIS7 - Open the IIS manager.  Expand the Sites group and expand down to the Autodiscover virtual directory.  Select this virtual directory then selec “SSL Settings” from the center pane.  In the settings window, select “Accept Client Certificates”.

In addition, the authentication settings on this virtual directory can also cause this to happen if not configured correctly.  Just make sure that Integrated Windows Authentication is checked.