Category Archives: Exchange 2010

Encrypted / Password ZIP email attachments stripped

I recently migrated from an Exchange 2007 Edge server to an Exchange 2010 Edge server.  I used the opportunity to not carry over some of the legacy settings and start clean.  Everything appeared fine till a few weeks later.

A user complained that their ZIP files were being stripped in attachments.  Their attachments would arrive with a TXT extension on it.  Within that TXT file it would say “This attachment was removed.”.  Having never seen this before and able to successfully email myself ZIP attachments I put it down to the senders email filtering.  The recipient was adamant that it wasn’t the senders fault.  So I managed to get a hold of the questionable ZIP files and send them to myself via Gmail, sure enough the attachments failed to arrive.  So began my investigations…

Not doing any filtering on our HUB or Mailbox servers I was immediately able to eliminate those services.  I then inspected our AV / Spam provider and confirmed via their logs that these emails were successfully passing to our Exchange Edge network.  So I focused my attention here.

Comparing the decommissioned Exchange 2007 Edge to the 2010 Edge I ran the PowerShell command Get-TransportAgent.  This outputted the below on each server.  The difference being that the “Attachment Filtering Agent” was disabled on the old Exchange 2007 Edge.

Image1. Exchange 2010 Edge

Image 2. Exchange 2007 Edge

On the new Exchange 2010 Edge I ran Get-AttachmentFilterEntry and inspected what default Attachment Filtering Microsoft had specified.  ZIP attachments was not one of them.  Never the less, as a test, I disabled Attachment Filtering with the PowerShell command

Disable-TransportAgent -Identity “Attachment Filtering Agent”

I then resent myself the failed ZIP files.  To my surprise they were successfully received.  Doing some research online seemed to indicate that this was the solution many people took to resolve this same issue.  This seemed like a pretty piss poor solution that I wasn’t going to accept.  Not if it meant that I would have to disabled all attachment filtering just for ZIP files.

I re-enabled the Attachment Filtering with Enable-TransportAgent -Identity “Attachment Filtering Agent”

After quite a few hours of playing around I finally found a viable solution.  The ZIP file I had been working with turned out to be an encrypted / password protected zip file.  Because of this the Exchange Edge server was having issues identifying the type of attachment.  By modifying the EdgeTransport.exe.config file I managed to find a workaround while continuing to maintain attachment filtering.

Solution:

1.       Go to the Edge server

2.       Stop the Transport service.

3.       Locate the EdgeTransport.exe.config file. This file is located in the following path: drive:Program FilesMicrosoftExchange ServerV14Bin

4.       Add the following entry between the <appSettings> element and the </appSettings> element of the EdgeTransport.exe.config file:

5.       <add key=”AllowInvalidAttachment” value=”true” />

6.       Restart the Transport service.

Increasing the Rules Quota limit in Exchange Server 2007

Many admins probably wouldn’t know that there is a size limit set on mailbox rules.  The default value in Exchange 2007 and 2010 is 64 KB.  It may seem small but up until recently I never had a need to change this value at a global or user level.

Every so often, though, you come across a user that’s the exception rather than the rule… so to say.  The only indication you’ll get that the user is over the limit is a warning on the user’s desktop when they attempt to create another rule via Outlook.

“One or more rules could not be uploaded to Exchange server and have been deactivated. This could be because some of the parameters are not supported or there is insufficient space to store all your rules.”

Using Outlook Web Access will present the user with a slightly different message.  OWA seems to do a better job at a more descriptive error message and even suggests a resolution for the user.

“Outlook Web Access cannot save the rule that you specified. Either the rule exceeds the maximum size limit for individual rules, or all your rules together, including this rule, exceed the size limit for rules. Remove some conditions, actions, or exceptions and try again.”

If the user is unable, or in my case unwilling, to clean up some rules.  You can hop onto an Exchange server via Powershell and change their Rules Quota limit.

As mentioned, the default limit is 64 KB.  There is a hard maximum which is 256 KB.  Any value up to 256 KB is valid to use.  In the example below I select a user via their email address to increase their quota to the maximum 256 KB.

get-mailbox john.doe@abcompany.com.au | Set-Mailbox -RulesQuota 256kb

We can easily check the new rules quota size for the user with the below command.

get-mailbox john.doe@abcompany.com.au | ft RulesQuota

Microsoft Knowledge Base article
http://support.microsoft.com/kb/886616

Blank Page in OWA 2010

If you’re anything like me there will be times when you’re so busy (or maybe a little lazy) you might just count hope on the fact that a Microsoft install will check installation prerequisites and warn / install them for you.

Unfortunately Exchange 2010 isn’t one of those installations.  Using a default install of Windows Server 2008 R2.  I performed an installation of Exchange Server 2010.  Using only the pre-installation checker during the installation process I installed only what was requested to get Exchange 2010 to install.  For the most part this was fine.  It gave me a functioning Exchange 2010 test server.

It wasn’t till I tested OWA that I found it didn’t install or notify me of all the prerequisite web components.

When I browsed to OWA I was redirected to https://exchangeserver.local/owa/auth/logon.aspx?url=https://exchangeserver.local/owa&reason=0

Fortunately the fix was rather simple.  It required two PowerShell commands and no Exchange service restarts.

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart