Archive | Outlook RSS feed for this section

Why Is An SMTP Address Displayed on the “TO” Line for Some Addressee’s and Not Others in Outlook?

Ever wonder why some addressees in the “TO” line of an Outlook email show the actual email address next to the contact name, and others just show the contact name without an email address? Like this:

Image

It all has to do with where you originally chose the addressee from. If you chose them from your personal Outlook Contacts, it will show the contact display name as well as the email address. If you chose them from the Global Address List, it will just show the display name.

Here’s why… with an Outlook Contact, you can store up to three email addresses for each contact, so Outlook displays the email address you will be sending to (as specified in the “Display As” field, which is customizable for each stored email address). That way, you know if you’re sending to someone’s work, home, or super-secret email address.

If you chose a contact from the Global Address List though, you do not get a choice of which email address you want to send to. Since you cannot choose the address, it doesn’t bother showing you what it is.

From then on, AutoComplete remembers where the address was originally selected from. So even if the selected contact exists in both your Outlook Contacts and the Global Address List, the AutoComplete object will be displayed from the originally selected location.

Just another Microsoft Outlook behavioral quirk!

How to Append Outlook 2010 Safe Senders List via Group Policy Object

I recently wrote an article about using the Exchange Management Shell to quickly add/remove addresses in the Outlook Safe Sender’s list. However, it’s dependent upon Exchange 2007/2010 and while it gets the job done for current users (or a subset of users), it doesn’t solve the problem for future users.

Fortunately, we can use a Group Policy Object (GPO) to do the same thing. Our GPO will point Outlook 2010 to a text file in a common location (such as the Netlogon share) with entries to be appended to the user’s Safe Senders list. For it to work, we’ll need the Office 2010 Administrative Template Files as well as a way to enforce Registry Entires on the client OS (this is built-in to the Windows Server 2008 GPO Editor due to Microsoft’s aquisition of PolicyMaker).

First, create a simple text file named “SafeSenders.txt” (or whatever you prefer) and populate it with the entries you want to end up in Outlook’s Safe Senders list (one address/domain per line, no headers are necessary). Save this next file in a location accessible to all users such as the Netlogon share.

Second, download the Office 2010 Administrative Template files and Office Customization Tool and extract the contents. We don’t need all of it, just the .adm or admx templates for Outlook. When you have them extracted, you can add them to your Group Policy Management Editor by right-clicking on “Administrative Templates” and selecting “Add/Remove Templates.” Add the outlk14 template and you’ll be all set.

Once added, drill down to the following:

User Configuration > Administrative Templates > Microsoft Outlook 2010 > Outlook Options > Preferences > Junk Email

Open “Specify Path to Safe Senders List” and set it to “Endabled.” For the path, use \\YourDomain\netlogon\SafeSenders.txt or whatever path/filename you will be using. Hit OK and now Outlook 2010 will know where to locate the import file. However, this setting will not force Outlook to actually import it. For that, we need to modify the registry.

If you have Windows Server 2008/2008 R2 as your domain controller and Windows Vista/7 as your client, this will not require any third party utilities, it’s all built right in to the Group Policy Management Editor.

Drill down to Preferences – Windows Serttings, right click on Registry and select New > Registry Item and use the following settings:


Action: Update
Hive: HKEY_CURRENT_USER
Key Path: Software\Policies\Microsoft\Office\14.0\Outlook\Options\Mail
Value Name: JunkMailImportLists
Value Type: REG_DWORD
Value Data: 1
Base: Decimal

Hit OK and then close out of the Group Policy Management Editor and assign this new GPO to the relevant Organizational Unit (OU). Once the GPO is applied to the system, restarting Outlook 2010 will force it to import the new Safe Senders List. If a user deletes one of those entries out of Outlook, it will be imported again the next time Outlook is launched.

The same Outlook setting can be applied to Outlook 2003/2007 with their relative administrative templates, but the registry setting will still need to be applied with by another product if the client OS is not Windows Vista/7 or the domain controller is anything other than Windows Server 2008/2008 R2.

Resources
Office 2010 Administrative Template files and Office Customization Tool

2007 Office system Administrative Template files and Office Customization Tool

Office 2003 Administrative Template, OPAs, and Explain Text Update

Configure junk e-mail settings in Outlook 2010

Outlook 2007/2010 on Windows XP Cannot Connect to Availability Service with Exchange 2007/2010

I ran in to an interesting issue recently with some users reporting that they could not see Free/Busy information. Upon further discovery, I found out that they couldn’t use the Out-of-Office Assistant either. The immediately tipped me off that we had some sort of issue Availability/AutoDiscover.

We narrowed it down to our users using Windows XP and Outlook 2007. Our Windows 7 Users with Outlook 2010 and our Windows XP users with Outlook 2003 were unaffected.

This coincided with our deployment of some additional Client Access Servers in a new site. It seemed like it had to be related, but I couldn’t immediately think of how.

All of our Exchange 2010 AutoDiscover tests were successful, and the Best Practices Analyzer didn’t reveal anything telling. The Application Log was clear as well.

So, if our Exchange 2010 infrastructure was testing out fine, and there really wasn’t anything apparently wrong with the client PCs either, then what could be the problem?

The answer came when I tried to browse directly to the /owa virtual directory on one of the new client access servers via HTTPS. I got “Page cannot be displayed” and nothing else, even though it worked fine from Windows 7.

It turns out there is a “gotcha” when creating CSR’s with Windows Server 2008 R2.
 
When the original SSL certificate request was created for the new Client Access Servers, it was created using Windows Server 2008 R2 using the non-default “Legacy Key” custom request. This causes the private key to be stored in Microsoft’s Legacy Cryptographic API framework.
 
However, Internet Information Services, under Windows Server 2008 R2, will try to process the request using its brand new Cryptographic Next Generation (CNG) framework… which works with the Legacy Key, but has some limitations. Specifically, it will only support two AES cipher suites:

  1. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  2. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

…and those two AES cipher’s are not supported by Windows XP by default.
 
Therefore, an SSL certificate that is the product of a Legacy Key CSR will result in an SSL failure between Windows XP and Server 2008 R2.
 
To fix it, you need to generate a new CSR using the default “CNG Key” (which supports numerous ciphers under Server 2008 R2) instead of “Legacy Key” and issue the certificate with your favorite signing authority. Then just apply it to your Client Access Servers and you should be good to go. Don’t forget to assign the IIS services to the new certificate using the Exchange Management Console/Shell.
 
Be careful though, not everything in your Exchange 2010 technology stack is compatible with a CNG-based certificate request. I know that because I ran into issues when I chose the default selection “CNG Key” for a certificate on Threat Management Gateway 2010 and found that it was not compatible.

So, having already been through troubleshooting that during the deployment of TMG, “Legacy Key” seemed like the safe (and logical) choice when generating CSR’s for use with our Client Access Servers.

Had I not done that though, I wouldn’t have had this problem, and I wouldn’t have written this article… which means you would still be looking for a solution.

How to Bulk Modify “Safe Senders” List in Outlook with Exchange Management Shell

Adding an email address or domain to the Safe Senders list in Outlook for all of your user mailboxes can be handy for a number of reasons. For me, we wanted to add the email address of an externally generated newsletter from a trusted source to everyone’s “Safe Sender” list so that images within the newsletter were automatically downloaded without requiring the user to click the yellow alert bar.

It’s also important if you want to maintain some control over Safelist Aggregation, which had a number of improvements in Exchange 2010.

In order to modify a user’s Safe Senders list, we’ll use the Set-MailboxJunkEmailConfiguration cmdlet .

Microsoft gives us some examples, but they’re pretty limited in their functionality if you want to modify multiple mailboxes.

It’s actually much easier to use a hash table with the ‘Add’ keyword to modify the Trusted SendersAndDomains property. This allows us to perform the operation with just a single line and without writing a more complicated PowerShell script.


get-Mailbox "ALIAS" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

It also allows us to perform this action on multiple mailboxes at once filtered by Distribution Group


get-DistributionGroupMember -identity "ALIAS" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

…by Custom Attribute


get-Mailbox -ResultSize 5000 | Where {$_.CustomAttribute1 -eq "VALUE"} | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

…or just for Everyone


get-Mailbox | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

If you want to check what is in the Safe Senders list for any particular user, just use the get-MailboxJunkEmailConfiguration command:


get-MailboxJunkEmailConfiguration -identity "ALIAS"

The lesson here? Never limit yourself to Microsoft’s stock examples as there are likely even more flexible ways available.

UPDATE: While running this command against all user mailboxes in our organization, I received this error on some accounts:


 The Junk E-Mail configuration couldn't be set. The user needs to sign in to Outlook Web App before they can modify their Safe Senders and Recipients or Blocked Senders lists.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-MailboxJunkEmailConfiguration], DataSourceOperationException
    + FullyQualifiedErrorId : 44A9456E,Microsoft.Exchange.Management.StoreTasks.SetMailboxJunkEmailConfiguration

The error seems to suggest that a user must sign in to Outlook Web App before their Junk Email configuration can be configured. That is somewhat misleading though, in that the only requirement is that the user has signed in to Outlook (I’ve tested this with Outlook 2003 & 2010). As it turned out I received the message for new hires that had not yet started, so it was nothing to really worry about.

Attempting to Remove Additional Mailboxes from Outlook 2010 Fails

I had an issue escalated to me today where a mailbox that had been properly removed from the “Open These Additional Mailboxes” box in the Advanced properties of an Outlook profile did not disappear from Outlook as expected.

We attempted to remove the relevant keys that were still hanging out in:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profile

…and that did not correct the issue, even after a full reboot of the PC.

We then blew away the Outlook profile, permanently deleted everything in   C:\Users\%username%\AppData\Local\Microsoft\Outlook, and recreated the profile. That didn’t work either, so at this point I knew it had to be something on the Exchange server.

I removed the “Full Access” permission using the Exchange Management Console, and then closed and reopened Outlook. Sure enough, the additional mailboxes that were opened were now gone.

Now I’m curious 🙂 So, I go into the Exchange Management Console and add myself to the Full Access list for a resource mailbox I had never connected to or had the occasion to access. I opened up Outlook, and there it was. Funny enough, if I looked in the Advanced properties of my Outlook profile, it did not appear in the list of additional mailboxes to be opened.

Even more curious, I did some digging and found that this is in fact a “feature” of Exchange Server 2010 SP1 when using Outlook 2007 or Outlook 2010:

…which you can see for yourself at http://technet.microsoft.com/en-us/library/bb676551.aspx

I had not yet run in to this “feature,” but found it interesting enough to write about.

Recurring Appointment Silliness in Outlook

I was asked to troubleshoot an interesting issue today for a manager of another department… you know, one of those informal “can you come here and look at this really quick” type of things. He had a daily, reoccurring appointment set up for lunch every day.  On one of the days he needed to set up lunch with a couple of people, so he opened that day’s occurrence of the appointment and invited the two attendees. We should note that all attendees were in the same time zone (that’s relevant information if you look the issue up on TechNet).

Today, he was asked to move the lunch forward several days. So, in order to do so, he went to that day and deleted that days’ occurrence of his generic “Lunch” appointment, and then attempted to move the customized one with attendees to that day.

When doing so, he got the following error:

Cannot reschedule an occurrence of the recurring appointment “[appointment name]” if it skips over a later occurrence of the same appointment

There are two things going on here… one is end user perspective, and the other is the reality of how Outlook is viewing that appointment.

To the end user, when he customized that specific occurrence of that reoccurring appointment, that appointment became a standalone event… one that he felt he should be able to move anywhere.

The reality of the situation though is that Outlook still sees that as one reoccurring event, not a standalone appointment. So when he attempted to move it forward several days, Outlook sees that reoccurring event trying to jump ahead of the same event on the day’s in-between.

The solution was simply to educate the user, and he created an independent event for his lunch meeting which could then be freely moved around.

The Definitive Guide to Troubleshooting Outlook Calendaring Issues.

If you work in an environment with multiple versions of Outlook crossing multiple time zones (especially those in the US with Daylight Savings Time), I absolutely promise you that you will see a lot of issues, particularly with Outlook 2010 now in the mix. Knowing everything below should give you the information you need to bring an issue to resolution without escalating it… which is exactly why I wrote it for our help desk 😉

First, I highly recommend that you read through the following guides:

Outlook meeting requests: Essential do’s and don’ts

How to troubleshoot missing and duplicate appointments in Outlook

These guides contain a ton of useful information you should know in order to adequately troubleshoot issues related to meeting requests either disappearing or not behaving as expected.

In regards to an appointment displaying at the wrong time (generally off by 1-2 hours) for an attendee, thoroughly review this document.

How to address time zone changes by using the Time Zone Data Update Tool for Microsoft Office Outlook

If absolutely nothing else, please remember these points:

  1. If the user has Outlook installed on multiple machines, and the determination has been made to rebuild the profile, then the Outlook profile must be rebuilt on all machines, including deleting the existing OST file.
  2. It makes a BIG difference if Outlook 2010 is anywhere in the mix.  Microsoft made major revisions to how Outlook calculates meeting times with 2010.  Delegates (i.e. EA’s) and their executives should all be upgraded simultaneously to the same version of Outlook.
  3. Meeting times are calculated.  That means that an appointment doesn’t start at 1 PM CST, it starts at “7 PM -6 GMT,” and the endpoint decides what that means by performing the calculation based on what it knows about the meeting time and the organizers Time Zone.  The Exchange server plays no role in that unless you are viewing it through Outlook Web Access.  This is why a meeting start time may be different on an iPhone than it is in Outlook, because each one independently decides when that meeting really starts.
  4. If a meeting time differs from where it is supposed to be, there is a mismatch of time zone/DST settings with either the meeting organizer, their delegate, the attendee, or the person that forwarded the meeting request.  Any Outlook client that touched that meeting request must be thoroughly vetted.  Again, if 2010 is in the mix (particularly the end point), that’s a big issue and the user should be taught how to use the Time Zone Data Update Tool.
  5. Time zone settings are set in both Windows and in Outlook.  The DST settings are set in Windows.  All of them are equally important and you should verify they match.
  6. An end user should ALWAYS have the “Automatically Adjust for DST” flag set in Windows unless they live in a time zone that does not recognize DST.  Simply setting the clock +/- one hour is insufficient.
  7. When looking at the Outlook calendar, always switch to “View by Category” or use Outlook Web Access in order to know 100% that a meeting isn’t really there.
  8. If a meeting does not exist in Outlook, Outlook Web Access, or on a mobile device, then it simply does not exist.  It’s gone for good and will need to be recreated.  None of us can bring it back so light a candle and say a prayer.
  9. Remember, OST files get corrupted, NK2 files get corrupted, and PST files are just flat out evil.  Know what each of those does and how to correct them.  Read up on ScanPST.exe, you can use it for OST files too.

…and last but not least, at my very first job in IT my manager drilled this in to me:  “We do not work on unpatched software.” That means the very first thing you should do with Outlook is verify it is on the latest service pack (and it wouldn’t hurt to check for hotfixes).  It won’t always fix the issue, but at least you are working with the latest code.

Outlook 2010: How to Automatically Add Locale-based Holiday’s to Your Calendar

Today I was nosing around my Outlook 2010 settings and happened upon a neat little feature to automatically add in all of the holidays for a given country/region.

While I’m familiar with my own country’s holidays, due to a lack of interest I’m not familiar at all with the rest of the world and I’m even less interested in adding them to my calendar by hand. I deal with peers in many different countries around the world, and in attempting to schedule joint projects it’s very helpful to know in advance if they’re celebrating a holiday.

Outlook makes no assumptions when you begin using it as to what holiday’s you would like on your calendar, so by default none are added. Fortunately, Microsoft has made it very easy in Outlook 2010 to add those holidays automatically. Just do the following:

  1. On the File menu, click Options, and then click Calendar.
  2. Under Calendar options, click Add Holidays.
  3. Select the check box next to each country/region whose holidays you want to add to your Calendar, and then click OK. Your own country/region is automatically selected.

Removing holidays is not quite as slick though. Whereas you might think (logically) that you would just uncheck the holiday’s in the same box, Microsoft has a more convoluted way of doing it:

  1. In Calendar, on the View tab, click Change View, then select List.
  2. Select the holidays you want to remove. To quickly remove all of the holidays for a country/region, click the Location column heading to sort by country. To select multiple rows, press the CTRL key and click subsequent rows.
  3. Change to the Home tab and click Delete on the Standard toolbar (or simply right-click on the highlighted items and select delete).

A bit of a short post and probably obvious to a lot of people, but it was something that I hadn’t run across before and thought was pretty useful.