Exchange After-Migration Update

We wanted to offer a major update on the migration, specifically covering the major issues we have addressed for some clients during the cleanup phase.

Distribution groups, forwarding

We have received reports from several organizations regarding issues covering distribution groups, group members, forwarding account directions (forward vs. store & forward). If any objects failed to import due to configuration/contents/policy/etc it is in the retry queue and will be published shortly.

Add / Delete Mailbox

We have addressed a bug in the add/remove process that was prohibiting certain organizations to add/remove accounts. Originally, as noted on anythingdown.com NOC, we blocked this function entirely because users were looking at an empty list and creating mailboxes (that would cause a collision when the new mailbox was migrated from the source). This problem is fixed, if you encounter an issue please open a ticket with a screenshot and as much info as you can provide.

Add / Delete Organization/Domain

At this moment it is not possible to add/remove organizations, or those that were in the system recently. In order to finalize the migration, the routing policies are locked down (meaning if you deleted a domain, ExchangeDefender will still treat them as local). We look forward to wrapping this up shortly.

Password / Login issues

This is by far the biggest ticket group category, we are still processing double digit requests for credentials, credential resets, and credential tests. Similar to the next group:

Outlook issues

We are still spending a lot of time going through the basic Outlook configuration steps. For an overwhelming majority, this transition has been transparent. Those that did not and had to take a manual configuration route, the process has been described at anythingdown.com 1) Make sure you have an autodiscover record 2) Make sure it propagates, then run the autodiscoverregistryhacks.zip 3) If you don’t control your DNS, make adjustments to your local systems hosts file 4) Setup Outlook with autodiscover, the UPN must be used as your login address if you’ve changed it from your primary SMTP address.

Missing & Syncing Emails

Every mailbox that has been reconnected has either had all it’s mail delivered directly, delivered in a Catchall account – user@domain.com. Some users are confusing items they see in their Inbox in LiveArchive but not in their Outlook/OWA (but after extensive searching we keep on finding missing messages in folders, Deleted Items, etc). If something is missing and absolutely critical in LiveArchive just click on the message and click Forward to your email address and the message will be forwarded to your Outlook/OWA.

Store & Forward

Several users were also unfortunately caught up in a custom policy that did not get migrated to the new Exchange. These are more legacy configs we did for some users in AUDC, things like renaming the OU or primary domains. For some of those accounts, the store and forward rule because a forwarding only rule, skipping the Inbox and going straight to the person that it’s being copied to. We have fixed this issue and it should not be happening again.

Autodiscover

We have gotten several complaints about autodiscover. Microsoft has removed manual configurations in 2013 and no modern version of Microsoft Exchange supports a manual server setup. However, this is something that could be easily rectified even with minimal technical skills by modifying the local hosts file if you don’t have the credentials to do it properly by modifying the DNS. Absolutely everything in the new infrastructure relies on the autodiscover record!

iPhone / Android Setup

For the most part, we are just confirming that all mobile devices should work fine with owa.xd.email as the server name, ditto for EWS integrated applications, we have not received more than an inquiry for the server name. For Android, things get sketchier when you consider all the different vendors, apps, and configurations. Again, so long as autodiscover is present and configured properly and your device is using a modern client, it should just work. When it doesn’t, recreating it takes a few minutes.

NDR

Non delivery receipts and errors are always of high interest to our NOC team as we continue to go through cleanup and audit all the tickets and users.

These are the issues we are currently working on, in 3 shifts, and sorting them all out as fast as possible. I know that for many of our clients this transition has been messy, but you are on such a better and more secure platform that won’t require you go through this process again. While modern platforms are more secure, their recovery from a disaster or issue (as some of you unfortunately went through) is extensive and at times unpredictably slow – so you have this much of a commitment for us, we will make sure LiveArchive is able to step in on a whole new level when things like this happen.

---

Important links to remember

ExchangeDefender NOC
www.anythingdown.com or https://xdinternal.xdnoc.com/

ExchangeDefender Exchange Setup
https://www.exchangedefender.com/blog/2020/06/exchangedefender-exchange-setup/

Autodiscover Registry Hacks
https://www.exchangedefender.com/media/autodiscoverregistryhacks.zip

ExchangeDefender Service Documentation (Knowledgebase)
www.exchangedefender.com/documentation

ExchangeDefender Exchange Setup

This guide is intended for IT solution providers, CIO, and technical staff that is in charge of setting up and managing email. While Exchange is a very complex and robust environment, our control panel is designed to help personnel of all technical skill levels manage email. In Figure 1 above you can see our Service Manager, the user friendly way to manage every aspect of email in your Exchange organization.

This site is accessible at https://support.ownwebnow.com and your MSP/CIO has access to manage the Service Manager on demand. For the purposes of this guide, we only reference this site because it is where management begins: the rest of the guide is to help every user configure their Microsoft Outlook, or mobile Android / iOS devices.   

Important Server Names

Microsoft Outlook, iOS and Android devices connect to the Microsoft Exchange infrastructure through several web services. If your IT provider has configured your Autodiscover DNS properly, you will never need to know about these sites, but it is important to know where the resources are in the event that you need to configure something more complex to work with Exchange. Figure 2.

Each Exchange organization managed by ExchangeDefender has their own branded set of OWA, EWS, and Autodiscover records. While we recommend you use the branded one for your organization, the default ones will work the same way and they all point to the same network resources.

Outlook Web App
https://owa.xd.email/owa/

Outlook Web App (formerly known as Outlook Web Access) is the web version of Outlook that works in your browser. While not as powerful or as flexible as Outlook, unless you are a power user, it will do the job. You can point your cell phone, tablet, laptop, or workstation to the URL above and it will give you access to the most popular Outlook features over the web.

EWS URL
https://owa.ownwebnow.xd.email/EWS/Exchange.asmx

Exchange Web Services (EWS) is the web service endpoint for advanced configurations. If you need to integrate a service or a device with Exchange Web Services, this is the URL to use. As of Exchange 2013, there is no support MAPI.

Autodiscover

autodiscover.xd.email

Exchange Autodiscover service makes it easy to deploy Outlook without providing manual configuration parameters – all you need is your email address and your password. Since 2013, Autodiscover has become the only way to configure Outlook/Exchange and manual configuration is no longer possible. If you do not have Autodiscover record in your DNS you need to create it and point it as a CNAME to autodiscover.xd.email (if this is not possible for some reason, see Appendix A)

ExchangeDefender Admin Control Panel

https://admin.exchangedefender.com

Managing ExchangeDefender security, including the included Exchange antispam, antiphishing, and business continuity services, is done through our admin control panel. Most organizations are managed through the domain login (domain.com) or user login (user@domain.com). Please see https://www.exchangedefender.com/docs for more information on how to manage this powerful service.

ExchangeDefender Next Generation LiveArchive (NGE)

https://nge.exchangedefender.com

ExchangeDefender LiveArchive is a business continuity (email resilience) platform independent of Microsoft Exchange that is running in parallel with your email infrastructure. When Microsoft Exchange experiences a technical problem, you can still send and receive email from any device using the same email and password that you use for Outlook and OWA. Please see https://www.exchangedefender.com/docs for more information.

Configuring Outlook

For the purposes of this guide, we are assuming that your IT personnel has already created all the required DNS records (MX, SPF, DKIM, and most importantly, Autodiscover) and that you know your login credentials (you can test them by going to https://owa.xd.email/owa/)

Step 1: Download and run Outlook Registry Tools

Open your web browser and go to the following site: https://www.exchangedefender.com/media/autodiscoverregistryhacks.zip

Step 2: Open the Outlook Registry Tools

Click on autodiscoverregistryhacks.zip to open the archive (Figure 3):

Find the version of Outlook you have (registryhacks2016 will work for both Outlook 2016 and 2019) and drag it to the desktop.

Click on Start, type cmd, and then right click on the Command Prompt.

Click on Run as administrator.

Change directory to your desktop: cd C:\Users\YourUsername\Desktop\

Note: Please substitute your username for YourUsername in the path. My example is C:\Users\Vlad\Desktop\

Run the batch file you extracted and moved to your desktop in the previous step. If you do it right, this is the output you will see (Figure 4):

IMPORTANT: Reboot your PC.

Step 4: Outlook Configuration

Start Microsoft Outlook and your configuration wizard will start. This process can take a few minutes for each step to be complete, if you’re waiting more than 10 minutes something is likely not done correctly.

Figure 5: Outlook Welcome

Select Exchange.

Your system will now contact the Autodiscover web service to obtain all the Microsoft Outlook configuration credentials. If it worked, you will be prompted to accept server settings:

Next you will have to provide your password.

Microsoft Outlook will now authenticate with our servers and configure everything for you. Next you should see the notification that Account successfully added.

Click on the link on the bottom under Done and confirm that checkbox is not checked next to Set up Outlook Mobile on my phone, too. Figure:

That is all! You are set and ready to go. Microsoft Outlook will now continue to set everything up and in a few moments.

That is all, enjoy Microsoft Outlook powered by ExchangeDefender managed Exchange.

Managing Calendar Permissions

Designed for Outlook 2013/2016

Select the Calendar button in the Navigation Bar.

Select the calendar that you would like to share, right-click on the Calendar and choose Share > Calendar Permissions.

On the Permissions tab, you may add or remove users to whom you have delegated access to your calendar.

To add a new delegate, select Add… and search for the desired user by Last Name. You can search the Global Address List or your personal contacts list by selecting the appropriate dropdown menu under Address Book. Under the Permissions heading, choose the level of detail you would like to provide to the user.

To remove a delegate, select the user and choose Remove.

Choose Apply > OK. 

Configuring iOS Devices (iPhone, iPad)

Configuring iOS Devices is very simple. Just start your Mail app and you will be prompted to setup a new account. Select Microsoft Exchange, second option from the top.

Next, you will be prompted for your account credentials. Your login credentials are the same as for Outlook Web Access.

Tap on Next.

Your device will now attempt to locate the Autodiscover server and obtain all the settings.

You will be prompted to verify server identity, tap on Continue.

Next, you will be prompted to provide the server and login credentials, same as in the previous screen.

Server for iOS is owa.xd.email

Tap on Next.

After a few minutes the device will autoconfigure and allow you to select which iOS applications should sync data with the Exchange server.

Android Setup

Android setup is very similar to iOS but most vendors use their own email app. If you choose to use the stock Android Gmail app, or other Android phone vendor email app, you will need to know your:

Server address: owa.xd.email

Username & password which are the same as the ones you use to login to https://owa.xd.email/owa/

Configuring MacOS X with ExchangeDefender Exchange

The following instructions are for MacOS Catalina, and the instructions work very similarly for all other versions of MacOS X. So long as you have your Autodiscover record configured properly, your setup process will just require your email address, password, and a few clicks along the way.

1.First, start the MacOS Mail app. If you aren’t prompted to add an account click on Mail > Add Account

2. Select Exchange from the “Choose a Mail account provider…” screen. Click Continue.

3. You will now be prompted for your name and email address. Type them in and click Continue.

4. This is where Autodiscover kicks in. Manual setup is not supported. Click on Sign In.

5. Type in your ExchangeDefender password and click on Sign In.

6. You will be prompted to accept an SSL certificate. Click on Continue.

7. You will now be prompted to add the certificate. Please type in your MacOS X password here. Click on Update Settings.

8. You will now be prompted which apps you want to have access and sync with your Exchange data. Make an appropriate selections and click Done.

Congratulations, you’re all set. Exchange will now sync with your MacOS. If you need to make changes, you can always click on Mail > Accounts and go from there.

If the process fails for any reason, make sure you have an Autodiscover record set and pointed to the right direction. Make sure you are using the right credentials, you can test them at https://owa.xd.email/owa/ and if they work there, they should work on your Mac. 

Appendix A: Hacking Autodiscover

As of Microsoft Exchange 2013 and Outlook 2013, you have to use Autodiscover records to configure Outlook. Your domain administrator must create an Autodiscover record in your domain.

Hostname: Autodiscover

Host Type: CNAME

Host value: Autodiscover.xd.email

After the host is created, it can take up to 72 hours for the DNS change to propagate (most should propagate in minutes).

If you cannot modify your DNS, you can hack it by using the Windows Hosts File. This is not recommended nor supported by ExchangeDefender and will likely be blocked by your antivirus, but if you’re technically sophisticated and can troubleshoot DNS you can point the Autodiscover.yourdomain.com hostname to the IP address of Autodiscover.xd.email. This is a temporary measure only, if you cannot immediately create a DNS record in your domain, and is not supported by our team.

---

UPDATE: Exchange Migration

We have been keeping our partners and clients in the loop on the migration issues, around 340 accounts are still affected and we are doing everything in our power to get the last users back to productivity. As usual, all technical stuff is located on our NOC which has been updated regularly through the day/night since the first issue with legacy disconnections started:

ExchangeDefender Migration NOC Post

In the meantime:

If you are among the affected users rest assured we are doing all we can and working around the clock to get you back into your Inbox. However, just because your Outlook won’t start up doesn’t mean you cannot send and receive email from anywhere in the world. Here are the steps to enable the LiveArchive failover:

1. Go to our admin portal at https://admin.exchangedefender.com. Login as the domain admin (just type in your domain name, if you do not have the password you can get a password reminder or open a ticket with subject “LIVE ARCHIVE UNLOCK” and we’ll reset it for you)

3. After you set the password it should take 1 minute for it to apply.

4. Instruct the user to go to https://nge.exchangedefender.com. Their username is their login, their password should let them in. If you run into an issue logging in, open a ticket “LIVEARCHIVE USER” with email, password and we will reset the credentials for you.

This is not available just for the affected ExchangeDefender mailboxes, this is available and included in your service for everything we protect – public folders, shared mailboxes, etc. If a folder or user is missing just create an address as a user in admin.exchangedefender.com, enable LiveArchive, set credentials, and you’ll be back to sending/receiving email.

We are still working on this, and we will not stop until everyone is back to normal, on the new platform that will be the end of legacy Exchange issues we’ve had to contend for so long. Please stay on top of the NOC, we are doing the best we can to keep everyone updated but priority is currently on restoring access and service. If your clients are upset, understandably, please point them to LiveArchive and get them back to work, it’s functional on mobile as well as the PC. Our current status is that we’re restoring mail flow and mail access to anyone, with public folder infrastructure to follow later today.

Access to Live Archive – https://nge.exchangedefender.com/

ExchangeDefender Feedback Loop – SPAM Reporting

ExchangeDefender SPAM Reporting (Feedback Loop) is a simple way for users to report SPAM messages that get delivered to their Inbox. This is a user-level feature in ExchangeDefender that inserts a link at the bottom of each processed email and gives users one-click reporting and blacklist management. Service providers and domain administrators can customize the appearance of the link that is automatically inserted at the bottom of the message.

Feedback Loop Feature

Login as the domain administrator And click on Mail Delivery > SPAM Feedback Loop. Click on Enable Feedback Loop Feature, make any optional additions to the signature, and click Save.

Enable Feedback Loop Reporting for Users

Once the feature has been enabled for the domain, Users will get a new feature in their Settings. Click on Settings > Settings and click on the SPAM Feedback Loop to enable signatures for email addresses associated with this user.

What does it look like?

The signature you designed on the Domain admin level will appear at the bottom of every HTML/text message that arrives in your Inbox. When the users click on the link it will open a web browser and take them to their ExchangeDefender account (if they are not logged in, they will see the login screen).

Once authenticated, the user can review the message, confirm that’s something they don’t want to see again, and we’ll look into it and make sure messages similar to the one they are reporting is not delivered to the Inbox.Users also have an option of providing feedback, uploading a copy of .msg file, as well as a checkbox that will automatically place the sender domain on a blacklist.

In conclusion, we realize that not everyone lives in Outlook or a web browser all day – so we’ve designed this process to help users that are mobile, or that interact with ExchangeDefender very infrequently – reporting and getting rid of SPAM is now just a click away. It also helps us improve the performance and accuracy of our filtering.

Try it out today!