Microsoft Exchange

UM with Microsoft Exchange 2016 / 2019

Forwarding e-mails

For e-mails addressed to domains such as @sms.alleo.intern and @fax.alleo.intern to reach the UM server, the mail server has to forward them. Microsoft Exchange 2016 / 2019 supports e-mail forwarding with an SMTP send connector for each UM service:

  1. Open the Exchange admin centre.

  2. Under Message flow, go to Send connectors and start the assistant (by clicking + ) to create a new send connector.

  3. On the Introduction page, enter a name for the connector and select the Custom type.

  4. On the second page, select Route e-mail through smart hosts and add the IP address of the XPhone Connect Server. Save these settings and click Next.

  5. Now select None as the authentication method and click Next.

  6. On the next page, specify all address areas to which the connector is to forward e-mails. To do so, click remember-user. Enter the domain data and click Save and then Next.

  7. Now select the Exchange Server (source server) in your company from which the messages are to be sent. To do so, click +, select the desired server and click Add, followed by OK, and then Finish.

  8. Proceed in the same manner for the text message service.

Message formats

The XPhone Connect UM services always expect the messages to use unformatted text. Remote domains are created and configured using the Exchange administration shell.

Open the Exchange administration shell:


In this example, the remote domain fax is created:

New-RemoteDomain -DomainName fax.alleo.intern -Name fax


The remote domain can be queried with the following command:

Get-RemoteDomain -Identity fax | Format-List

In the following, all parameters that must be changed are listed and highlighted in yellow:


All parameters that need to be changed have a consecutive number in the table. The commands are also numbered with these numbers:

  1. Change CharacterSet to iso-8859-1 (MIME character set):

    Set-RemoteDomain fax -CharacterSet iso-8859-1
    
  2. Change NonMimeCharacterSet to iso-8859-1 (non-MIME character set):

    Set-RemoteDomain fax -NonMimeCharacterSet iso-8859-1
    
  3. Change AllowedOOFType to none (no absence messages are sent to domain):

    Set-RemoteDomain fax -AllowedOOFType None
    
  4. Change AutoReplyEnabled to false (allow automatic forwarding):

    Set-RemoteDomain fax -AutoReplyEnabled $false
    
  5. Change DeliveryReportEnabled to false (deactivate delivery report):

    Set-RemoteDomain fax -DeliveryReportEnabled $false
    
  6. Change NDREnabled to false (deactivate non-delivery report):

    Set-RemoteDomain fax -NDREnabled $false
    
  7. Change ContentType to MimeText (text messages are always sent as text):

    Set-RemoteDomain fax -ContentType MimeText
    
  8. Change TNEFEnabled to false:

    Set-RemoteDomain fax -TNEFEnabled $False
    

Hint

After entering a command, the shell only provides feedback in case of an error.

Check the settings at the end of the configuration:

Get-RemoteDomain -Identity fax | Format-List
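Because the shell stays silent on success, a comparison against the eight values from the numbered steps is a quicker check than reading the full Format-List output. The following is an added example, not part of the original documentation; the function name Test-UmRemoteDomain is hypothetical, and it assumes it is run in the Exchange Management Shell:

```powershell
# Added example: compare a remote domain against the values set in steps 1-8.
# Test-UmRemoteDomain is a hypothetical helper name, not an Exchange cmdlet.
function Test-UmRemoteDomain {
    param(
        [Parameter(Mandatory)] [string] $Identity
    )

    # Expected values, taken from the numbered steps on this page.
    $expected = [ordered]@{
        CharacterSet          = 'iso-8859-1'
        NonMimeCharacterSet   = 'iso-8859-1'
        AllowedOOFType        = 'None'
        AutoReplyEnabled      = $false
        DeliveryReportEnabled = $false
        NDREnabled            = $false
        ContentType           = 'MimeText'
        TNEFEnabled           = $false
    }

    # Stop on a missing domain instead of reporting eight empty rows.
    $domain = Get-RemoteDomain -Identity $Identity -ErrorAction Stop

    foreach ($name in $expected.Keys) {
        $actual = $domain.$name
        [pscustomobject]@{
            Parameter = $name
            Expected  = $expected[$name]
            Actual    = $actual
            # Compare as text so enum and nullable-bool values match their
            # printed form; an unset (null) value counts as a mismatch.
            Match     = ("$actual" -eq "$($expected[$name])")
        }
    }
}

# 'fax' is the remote domain created on this page.
Test-UmRemoteDomain -Identity fax | Format-Table -AutoSize
```

Any row with Match = False points at the step whose command has to be repeated.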


IMAP4 access

The UM server uses the IMAP4 protocol to access messages from the user’s mailbox so users can listen to and manage their voicemail remotely over the phone.

  1. After standard installation of the Exchange Server, the IMAP4 service is not started automatically. This must be changed via the Windows Service Manager.

  2. The IMAP4 service must now be configured so as to allow plain text authentication and only supply the messages in text format. This requires starting the Exchange Management Shell. Enter this command:

    Set-ImapSettings -LoginType PlainTextLogin -MessageRetrievalMimeFormat TextOnly
    
  • You can check the settings with Get-ImapSettings | Format-List. The important parameters are highlighted in the following graphic.

  3. The IMAP4 service must be restarted when the configuration is completed.

IMAP logging can be activated as an option if problems occur. The Microsoft.Exchange.Imap4.exe.config file is in the C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap directory. Logging is configured at the very end of the file:

    <appSettings>
        <add key="MaxIoThreadsPerCPU" value="0" />
        <add key="ConnectionCacheSize" value="250" />
        <add key="ProtocolLog" value="false" />
        <add key="LogPath" value="C:\Program Files\Microsoft\Exchange Server\Logging\Imap4" />
        <add key="AgeQuotaInHours" value="24" />
        <add key="SizeQuota" value="10000000" />
        <add key="PerFileSizeQuota" value="1000000" />
        <add key="AllowCrossSiteSessions" value="false" />
    </appSettings>

The word false must be changed to true in the highlighted row (the ProtocolLog key). Logging starts as soon as you restart the service.

Relay settings

If the UM services are to send e-mails to any domains, some settings are required in Exchange Server and in the XPhone Connect Server.

In the default configuration, e-mails reaching the Exchange Server via SMTP are only delivered to domains accepted by the Exchange Server. Accepted domains are managed on the Accepted domains tab under Message flow in the Exchange Admin Center. One way of sending to certain external domains would be to include these domains in the list of “Accepted domains”. However, this would also mean that every computer capable of accessing the Exchange Server by SMTP would be able to send e-mails to these domains. This is not generally desired.

To ensure that only the computer running the UM services is capable of sending e-mails to any domain, it is necessary to configure an additional SMTP receive connector:


  • Open the Exchange admin centre at Exchange Admin Center > Message flow > Receive connectors.

  • Start the assistant to create a New receive connector by clicking +/New.

  • Enter a unique Name, select the Hub transport role and User-defined type. Click Next.


  • Under Network adapter connections, edit the default entry (All available IPv4 addresses) and change the port to 2500:

  • Click Next.

  • In the last window, enter the Remote IP address(es) of the server from which e-mails are to be received and click Finish.
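The connector only restricts relaying as intended if its remote IP range really contains nothing but the UM server. The following check is an added example, not part of the original documentation; the function name and both parameter values are hypothetical placeholders, and it assumes a single IP address is shown in RemoteIPRanges as its plain dotted form:

```powershell
# Added example: confirm the relay receive connector is reachable only from
# the UM server and listens on the port chosen on this page (2500).
# Test-UmRelayConnector is a hypothetical helper name.
function Test-UmRelayConnector {
    param(
        [Parameter(Mandatory)] [string] $ConnectorName,
        [Parameter(Mandatory)] [string] $UmServerIp,
        [int] $ExpectedPort = 2500
    )

    $connector = Get-ReceiveConnector -Identity $ConnectorName -ErrorAction Stop

    # RemoteIPRanges lists who may connect. Every entry other than the UM
    # server widens the set of hosts that can relay through this connector.
    $ranges     = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
    $unexpected = @($ranges | Where-Object { $_ -ne $UmServerIp })

    # Bindings are local address:port pairs, for example 0.0.0.0:2500.
    $bindings  = @($connector.Bindings | ForEach-Object { "$_" })
    $portRegex = ':{0}$' -f $ExpectedPort
    $wrongPort = @($bindings | Where-Object { $_ -notmatch $portRegex })

    [pscustomobject]@{
        Connector        = "$($connector.Identity)"
        RemoteIPRanges   = $ranges -join ', '
        UnexpectedRanges = $unexpected -join ', '
        Bindings         = $bindings -join ', '
        PermissionGroups = "$($connector.PermissionGroups)"
        ScopedToUmServer = ($ranges.Count -gt 0 -and $unexpected.Count -eq 0)
        PortAsDocumented = ($bindings.Count -gt 0 -and $wrongPort.Count -eq 0)
    }
}

# Placeholder values; replace with your connector name and UM server address.
Test-UmRelayConnector -ConnectorName 'UM Relay' -UmServerIp '192.0.2.10' |
    Format-List
```

ScopedToUmServer = False means the connector accepts connections from addresses other than the UM server and should be narrowed.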

MAPI connection instructions

MAPI is used to include private and public Outlook contact folders in the XPhone Connect Directory, to use server-side calendar synchronisation with the Microsoft Exchange Server, and for remote access to voicemails if a Microsoft Exchange Server is used for saving UM messages and this protocol is to be used for that access.

MAPI overview

MAPI (“Messaging API”) is an interface to the Microsoft Exchange Server that is used by the XC Server for the following functions:

  • XPhone Connect Directory

  • Calendar synchronisation on the server side

  • MAPI inbox for UM messages

The MAPI configuration in the XPhone Connect Server slightly differs for the different Microsoft Exchange Server versions. XPhone Connect supports the Exchange Server versions 2016 and 2019.

Exchange 2016, 2019

Microsoft Outlook 2016 (32 bit) / 2019 (32 bit) must be installed on the XPhone Connect Server if you want to connect MAPI to Exchange 2016 / 2019. The installation wizard does not do this automatically. It must be carried out manually by the administrator.

The default e-mail client must be Microsoft Outlook from now on. This can be checked in the Windows registry under these keys; the (Default) value must be set to Microsoft Outlook:

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Mail]

Important

XPhone Connect supports the server-side MAPI connection to Office 365 for public and shared contact folders, but neither private contact folders nor server-side calendar synchronisation nor remote access to voicemail.

“MAPIAccount” for XPhone Connect services

For all Exchange Server versions, the XPhone Connect Server and all UM services must run under a specific domain account (e.g. MAPIAccount). The service account for all affected services is changed with the XPhone Connect Server Manager:

  • Under This account, select the MAPIAccount, assign the corresponding password and then select Change now.

Hint

Scenario

  • Outlook is installed on the XPhone Connect Server (for the MAPI connection to the Exchange Server).

  • The Windows password has been changed for the MAPI account under which the XPhone Connect Server runs.

Action

After changing the password, the following actions need to be run on the XPhone Connect Server:

  • Log in to the XPhone Connect Server computer under the MAPI account.

  • End the XPhone Connect Server service via the XPhone Connect Server Manager.

  • Set the service account to localhost in the XPhone Connect Server Manager.

  • Change the service account back to the MAPI account and enter the new password.

  • Start Outlook
    • Outlook requests the new password.

  • Enter the password and check that Outlook is running smoothly. (If necessary, end Outlook and restart → the password request should not recur!)

  • End Outlook.

  • Restart the XPhone Connect Server service.

This ensures that calendar synchronisation, Exchange contact folder and voicemail remote access work properly again.

The MAPI account must be a full domain account with its own inbox on the Exchange Server.

Attention

The MAPIAccount must not be a member of the Domain Admins, Exchange Servers, Organisation Admins or Exchange Organisation Administrators groups.

Full access permissions (FullAccess) to all Exchange inboxes must now be given to this MAPI account. This is achieved by allocating the Receive-As right for the MAPI account on all Exchange databases.

In Exchange Server, rights are allocated in the Exchange management shell, a special command line interface for the Exchange Server. For the MAPI account to receive full access rights to all of the database mailboxes, the Send-As and Receive-As authorisations must be allocated:

Get-Mailboxdatabase | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As -User "<MAPIAccount>" | ft identity,user,extendedrights,accessrights,deny,isinherited

The preceding “Get-Mailboxdatabase” command means that the names of all databases in the Exchange organisation are automatically transferred to the subsequent Add-ADPermission command. This way, you do not need to explicitly state the option -Identity for each individual database.

The result of the command is a list of all databases with all rights assigned for the MAPI account in this format:

    Identity User          ExtendedRights AccessRights    Deny  IsInherited
    -------- ----          -------------- ------------    ----  -----------
    DB_NAME  <MAPIAccount> {Receive-As}   {ExtendedRight} False False
    DB_NAME  <MAPIAccount> {Send-As}      {ExtendedRight} False False

To spot-check whether the MAPI account has full access rights to the inbox of a certain Exchange user, use the following command:

Get-MailboxPermission -Identity "<ExchangeUser>" -User "<MAPIAccount>"

The output will then be in this format (important here: AccessRights = {FullAccess}):

    Identity       User          AccessRights IsInherited Deny
    --------       ----          ------------ ----------- ----
    <ExchangeUser> <MAPIAccount> {FullAccess} True        False

To remove special authorisations of the MAPI account from all Exchange databases, use this command:

Get-Mailboxdatabase | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As -User "<MAPIAccount>"

If there are multiple Exchange Servers in the domain, the command described above can be executed on all Exchange servers by using the command to list all Exchange Servers as prefix:

Get-ExchangeServer | ...
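Since Receive-As and Send-As on every database amount to access to every mailbox, it is worth reviewing who holds these rights and whether the MAPI account has ended up in one of the groups excluded above. The following is an added example, not part of the original documentation; both function names are hypothetical, and it assumes the Exchange Management Shell with the ActiveDirectory module (RSAT) available:

```powershell
# Added example: review Receive-As / Send-As holders and MAPI account groups.
# Function names are hypothetical helpers, not Exchange or AD cmdlets.
Import-Module ActiveDirectory

function Get-DatabaseMailboxAccessHolder {
    # Lists every explicit (non-inherited) allow entry for Receive-As or
    # Send-As on each mailbox database. Entries for accounts other than the
    # MAPI account deserve a closer look.
    Get-MailboxDatabase | ForEach-Object {
        $db = $_.Name
        Get-ADPermission -Identity $db |
            Where-Object {
                -not $_.IsInherited -and -not $_.Deny -and
                ($_.ExtendedRights |
                    Where-Object { "$_" -in 'Receive-As', 'Send-As' })
            } |
            Select-Object @{ n = 'Database'; e = { $db } },
                          User,
                          @{ n = 'Rights'; e = { $_.ExtendedRights -join ',' } }
    }
}

function Test-MapiAccountGroup {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Group names as written on this page; adjust them if your
        # directory uses different or localized names.
        [string[]] $ExcludedGroup = @(
            'Domain Admins', 'Exchange Servers',
            'Organisation Admins', 'Exchange Organisation Administrators')
    )

    # Returns the excluded groups the account is a direct member of.
    # Nested memberships are not resolved by this cmdlet.
    Get-ADPrincipalGroupMembership -Identity $SamAccountName |
        Select-Object -ExpandProperty Name |
        Where-Object { $_ -in $ExcludedGroup }
}

Get-DatabaseMailboxAccessHolder | Sort-Object Database, User | Format-Table -AutoSize
# 'MAPIAccount' is the example account name used on this page.
Test-MapiAccountGroup -SamAccountName 'MAPIAccount'
```

An empty result from the second call means the account is not a direct member of any of the listed groups.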

Exchange 2016 / 2019

MAPI connection to the Exchange 2016 / 2019 server requires the installation of Microsoft Outlook 2016 (32-bit) / 2019 (32-bit) on the XPhone Connect server. The following procedure is recommended:

Only if migrating from Exchange 2013 or older to Exchange 2016 / 2019:

  • Delete all data sources of type private or public Outlook contact folders in the Connect Directory

  • In the file atlas.xml, which is located in the installation directory of the XPhone Connect Server, the setting of RoHFlagsUseRoH must be set to off:

    <Exchange>
        <mapi>
            <RoHFlagsUseRoH>off</RoHFlagsUseRoH>
        </mapi>
    </Exchange>
    
  • Stop the XPhone Connect Server service

  • Uninstall Messaging API and Collaboration Data Objects 1.2.1 from Control Panel > Programs and Features

  • Uninstall any existing Microsoft Office 2013 or older on the server

Connection to Exchange 2016 / 2019

  • Install Microsoft Office 2016 / 2019 (32-bit) with the components Outlook and, as required, Word, Excel and PowerPoint. Only Outlook is required for MAPI connectivity; the other applications support server-side rendering of fax documents. It must be ensured that no other Office version is installed!

  • Check that Microsoft Outlook is set as the Default email client.

  • Interactive Windows logon must be permitted on the XPhone Connect Server computer for the service account of the XPhone Connect Server. The XPhone Connect Server service account must first be set up in the Active Directory and given sufficient rights in the Exchange Server (see “MAPIAccount” for XPhone Connect services).

  • Start Outlook 2016/2019 (32-bit) and set up a standard MAPI profile. The cache mode of Outlook must be switched off!

  • The newly created profile must be set as Default Outlook Profile.

  • To check the permissions, it is recommended to open the mailbox of another user. Note: It is essential to use another non-critical test account for this purpose to prevent unauthorized access to user mailboxes! In addition, access to public Exchange folders should be checked (if available). Especially the access to the contact folder is important.

  • Install or update the XPhone Connect Server.

  • Change the XPhone Connect Server service account to the MAPI account in the XPhone Connect Server Manager and restart the XPhone Connect Server service via the XPhone Connect Server Manager

  • Existing data sources created for older Exchange Servers cannot be used for Exchange 2016 / 2019. All data sources of type private or public Outlook contact folders in the Connect Directory may need to be recreated. To do this, use a new name for the data source.

MAPI troubleshooting

You can find up-to-date notes on troubleshooting MAPI problems with XPhone Connect on the C4B support pages: MAPI-Quiz

Exchange Mailbox Store Limits

Symptoms
  • MAPI clients report the MAPI_E_FAILONEPROVIDER (0x8004011D) error.

  • The Exchange Server event log has the corresponding warnings or errors:

    Source: MSExchangeIS, Mapi session "…./cn=<MAPIAccount>" exceeded the maximum of 32 objects of type "session"
    
Explanation

Each Exchange mailbox server limits the maximum number of MAPI sessions to 32 per user. Microsoft introduced this limit to protect the Exchange Server from incorrectly programmed MAPI clients or attacks. The XPhone Connect Server service runs under a domain account with full access rights to all Exchange inboxes (MAPIAccount) so that:

  • the XPhone Connect Directory can access public and private Outlook calendar folders.

  • server-side calendar synchronisation with Exchange works for presence control.

  • the voicemail system can access the voicemail messages saved on the Exchange Server.

Depending on the configuration of the XPhone Connect Server, the MAPI account requires more than 32 simultaneous MAPI sessions on the Exchange Server. The following formula indicates the approximate demand:

Number of MAPI sessions for the MAPIAccount = N * 5 * ( O + P )

O: Number of public Outlook data sources in the XPhone Connect Directory

P: Number of private Outlook data sources in the XPhone Connect Directory (usually 1 or 0)

N: Number of XPhone Connect Servers running simultaneously under the MAPIAccount.

With 6 public and one private Outlook data source, the limit can already be exceeded: 1 * 5 * ( 6 + 1 ) = 35.

Solution for Exchange 2016 and 2019

On an Exchange Server 2016, the limit for the permissible MAPI sessions is raised using a so-called “Throttling Policy”. A new policy is generated first, which is then assigned to the MAPI account.

To do this, open the Exchange administration shell, a special command line interface for the Exchange Server, and enter the following commands:

New-ThrottlingPolicy NoThrottlingPolicy

Set-ThrottlingPolicy NoThrottlingPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

Set-Mailbox "User Name" -ThrottlingPolicy NoThrottlingPolicy

  • Afterwards, the “Microsoft Exchange Information Store” service needs to be restarted. The mailboxes are not available during the restart.

You can check if the setup was successful with this command:

Get-Mailbox -Identity "<MAPIAccount>" | fl

All attributes of the specified identity are listed, amongst others the newly added XPhoneServerThrottlingPolicy.

Or, to list all accounts:

Get-ThrottlingPolicyAssociation | more

If this measure is unsuccessful, the following key has to be set in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"Maximum Allowed Sessions Per User"=dword:00000080

(in this case, 128 sessions are permitted -> 80 in hexadecimal)

The value must be high enough to enable the Exchange Server to allocate a sufficient number of sessions for the user under which the XPhone Connect Server is running.

This change must be made on each Exchange mailbox server within a Database Availability Group (DAG). Otherwise, inconsistent performance can be the result.
