Microsoft Exchange
UM with Microsoft Exchange 2016 / 2019
Forwarding e-mails
In order to receive e-mails with addresses like @sms.alleo.intern and @fax.alleo.intern to the UM server, they have to be forwarded by the mail server. Microsoft Exchange 2016 / 2019 supports e-mail forwarding with an SMTP send connector for each UM service:
Open the Exchange admin centre.
Under Message flow, go to Sending connectors and start the assistant (by clicking + ) to create a new sending connector:
On the Introduction page, enter a name for the connector and select the Custom type.
On the second page, select Route e-mail through smart hosts and add the IP address of the XPhone Connect Server. Save these settings and click Next.
Now select None as the authentication method and click Next.
On the next page, specify all address areas to which the connector is to forward e-mails. To do so, click remember-user. Enter the domain data and click Save and then Next:
Now select on which Exchange Server (source server) in your company the messages are to be sent. To do so, click +, select the desired server and click Add, followed by OK, and then Finish.
Proceed in the same manner for the text message service.
Message formats
The XPhone Connect UM services always expect the messages to use unformatted text. Remote domains are created and configured using the Exchange administration shell.
Open the Exchange administration shell:
In this example, the remote domain fax is created:
New-RemoteDomain -DomainName fax.alleo.intern -Name fax
The remote domain can be queried with the following command:
Get-RemoteDomain -Identity fax | Format-List
In the following, all parameters are listed and highlighted in yellow that must be changed:
All parameters that need to be changed have a consecutive number in the table. The commands are also numbered with these numbers:
Change CharacterSet to iso-8859-1 (MIME character set):
Set-RemoteDomain fax -CharacterSet iso-8859-1
Change NonMimeCharacterSet to iso-8859-1 (non-MIME character set):
Set-RemoteDomain fax -NonMimeCharacterSet iso-8859-1
Change AllowedOOFType to none (no absence messages are sent to domain):
Set-RemoteDomain fax -AllowedOOFType None
Change AutoReplyEnabled to false (allow automatic forwarding):
Set-RemoteDomain fax -AutoReplyEnabled $false
Change DeliveryReportEnabled to false (deactivate delivery report):
Set-RemoteDomain fax -DeliveryReportEnabled $false
Change NDREnabled to false (deactivate non-delivery report):
Set-RemoteDomain fax -NDREnabled $false
Change ContentType to MimeText (text messages are always sent as text):
Set-RemoteDomain fax -ContentType MimeText
Change TNEFEnabled to false:
Set-RemoteDomain fax -TNEFEnabled $False
Hint
After entering the command, feedback is only provided by shell in case of an error.
Check the settings at the end of the configuration:
Get-RemoteDomain -Identity fax | Format-List
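Because the Set-RemoteDomain commands above give no feedback on success, the final check can be scripted. The following is an added example, not part of the vendor documentation; it compares the remote domain fax against the eight values set in this section and reports each deviation.

```powershell
# Added example (not vendor code). Run in the Exchange Management Shell.
# Expected values are the ones set by the Set-RemoteDomain commands in this section.
$Expected = [ordered]@{
    CharacterSet          = 'iso-8859-1'
    NonMimeCharacterSet   = 'iso-8859-1'
    AllowedOOFType        = 'None'
    AutoReplyEnabled      = $false
    DeliveryReportEnabled = $false
    NDREnabled            = $false
    ContentType           = 'MimeText'
    TNEFEnabled           = $false
}

function Test-UmRemoteDomain {
    param([Parameter(Mandatory)][string]$Identity)

    # Stop on a missing domain instead of reporting eight empty rows.
    $domain = Get-RemoteDomain -Identity $Identity -ErrorAction Stop

    foreach ($name in $Expected.Keys) {
        $actual = $domain.$name
        [pscustomobject]@{
            RemoteDomain = $Identity
            Parameter    = $name
            Expected     = $Expected[$name]
            Actual       = $actual
            # Compare as strings so enum, Boolean and nullable values are handled alike.
            Ok           = ("$actual" -eq "$($Expected[$name])")
        }
    }
}

$report = @(Test-UmRemoteDomain -Identity fax)
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) remote domain parameter(s) differ from the documented values."
}
```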
IMAP4 access
The UM server uses the IMAP4 protocol to access messages from the user’s mailbox so users can listen to and manage their voicemail remotely over the phone.
After standard installation of the Exchange Server, the IMAP4 service is not started automatically. This must be changed via the Windows Service Manager:
The IMAP4 service must now be configured so as to allow plain text authentication and only supply the messages in text format. This requires starting the Exchange Management Shell. Enter this command:
Set-ImapSettings -LoginType PlainTextLogin -MessageRetrievalMimeFormat TextOnly
You can check the settings with:
Get-ImapSettings | Format-List
The important parameters are highlighted in the following graphic:
The IMAP4 service must be restarted when the configuration is completed.
IMAP logging can be activated as an option if problems occur. The Microsoft.Exchange.Imap4.exe.config file is in the C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap directory. Logging is configured at the very end of the file:
<appSettings>
<add key="MaxIoThreadsPerCPU" value="0" />
<add key="ConnectionCacheSize" value="250" />
<add key="ProtocolLog" value="false" />
<add key="LogPath" value="C:\Program Files\Microsoft\Exchange Server\Logging\Imap4" />
<add key="AgeQuotaInHours" value="24" />
<add key="SizeQuota" value="10000000" />
<add key="PerFileSizeQuota" value="1000000" />
<add key="AllowCrossSiteSessions" value="false" />
</appSettings>
In the highlighted row (the ProtocolLog key), the word false must be changed to true. Logging starts as soon as you restart the service.
Relay settings
If the UM services are to send e-mails to any domains, some settings are required in Exchange Server and in the XPhone Connect Server.
In the default configuration, e-mails reaching the Exchange Server via SMTP are only sent to domains accepted by the Exchange Server. Accepted domains are managed on the Accepted domains tab under Message flow in the Exchange Admin Center. One way of sending to certain external domains would be to include these domains in the list of “Accepted domains”. However, this would also mean that each computer capable of accessing the Exchange Server by SMTP would also be able to send e-mails to these domains. This is not generally desired.
To ensure that only the computer running the UM services is capable of sending e-mails to any domain, it is necessary to configure an additional SMTP receive connector:
Open the Exchange admin centre at Exchange Admin Center > Message flow > Receive connectors.
Start the assistant to create a New receive connector by clicking +/New.
Enter a unique Name, select the Hub transport role and User-defined type. Click Next.
Under Network adapter connections, edit the default entry (All available IPv4 addresses) and change the port to 2500:
Click Next.
In the last window, enter the Remote IP address(es) of the server by which e-mails are to be received and click Finish.
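The point of this connector is that only the UM server can use it, so the remote IP restriction is worth verifying after the wizard finishes. The following is an added example, not part of the vendor documentation; it lists every receive connector bound to port 2500 and flags any remote IP range other than the UM server address. The IP address 192.0.2.10 is a placeholder.

```powershell
# Added example (not vendor code). Run in the Exchange Management Shell.
# Placeholder (assumption): replace with the IP address of your XPhone Connect Server.
$UmServerIp = '192.0.2.10'
$RelayPort  = 2500   # port configured for the receive connector in this section

function Test-UmRelayConnector {
    param(
        [Parameter(Mandatory)][string]$AllowedIp,
        [Parameter(Mandatory)][int]$Port
    )

    # Select every receive connector that has a binding on the relay port.
    $connectors = Get-ReceiveConnector | Where-Object {
        @($_.Bindings | ForEach-Object { "$_" }) -match ":$Port`$"
    }

    foreach ($c in $connectors) {
        $ranges = @($c.RemoteIPRanges | ForEach-Object { "$_" })
        # Any entry other than the single UM server address widens who may use the connector.
        $unexpected = @($ranges | Where-Object { $_ -ne $AllowedIp })

        [pscustomobject]@{
            Connector        = "$($c.Identity)"
            Bindings         = ($c.Bindings | ForEach-Object { "$_" }) -join ', '
            RemoteIPRanges   = $ranges -join ', '
            UnexpectedRanges = $unexpected -join ', '
            Restricted       = ($ranges.Count -gt 0 -and $unexpected.Count -eq 0)
        }
    }
}

$result = @(Test-UmRelayConnector -AllowedIp $UmServerIp -Port $RelayPort)
if ($result.Count -eq 0) {
    Write-Warning "No receive connector is bound to port $RelayPort."
}
$result | Format-List

# A connector still showing the full range (0.0.0.0-255.255.255.255) is reported
# with Restricted = False and should be corrected before it is used for relaying.
```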
MAPI connection instructions
MAPI is used to include private and public Outlook contact folders in the XPhone Connect Directory, to use server-side calendar synchronisation with the Microsoft Exchange Server and, if a Microsoft Exchange Server is used for saving UM messages and this protocol is to be used, for remote access to voicemails.
MAPI overview
MAPI (“Messaging API”) is an interface to the Microsoft Exchange Server that is used by the XC Server for the following functions:
XPhone Connect Directory
Calendar synchronisation on the server side
MAPI inbox for UM messages
The MAPI configuration in the XPhone Connect Server slightly differs for the different Microsoft Exchange Server versions. XPhone Connect supports the Exchange Server versions 2016 and 2019.
Exchange 2016, 2019
Microsoft Outlook 2016 (32 bit) / 2019 (32 bit) must be installed on the XPhone Connect Server if you want to connect MAPI to Exchange 2016 / 2019. The installation wizard does not do this automatically. It must be carried out manually by the administrator.
The default e-mail client must be Microsoft Outlook from now on. This can be checked in the Windows registry under these keys; the (Default) value (shown as Standard on German systems) must be set to Microsoft Outlook:
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Mail]
Important
XPhone Connect supports the server-side MAPI connection to Office 365 for public and shared contact folders, but neither private contact folders nor server-side calendar synchronisation nor remote access to voicemail.
“MAPIAccount” for XPhone Connect services
For all Exchange Server versions, the XPhone Connect Server and all UM services must run under a specific domain account (e.g. MAPIAccount). The services account for all affected services is changed with the XPhone Connect Server Manager:
Under This account, select the MAPIAccount, assign the corresponding password and then select Change now.
Hint
Scenario
Outlook is installed on the XPhone Connect Server (for the MAPI connection to the Exchange Server).
The Windows password has been changed for the MAPI account under which the XPhone Connect Server runs.
Action
After changing the password, the following actions need to be run on the XPhone Connect Server:
Login to the XPhone Connect Server computer under the MAPI account.
End the XPhone Connect Server service via the XPhone Connect Server Manager.
Set the service account to localhost in the XPhone Connect Server Manager.
Change the service account back to the MAPI account and enter the new password.
Start Outlook.
Outlook requests the new password.
Enter the password and check that Outlook is running smoothly. (If necessary, end Outlook and restart → the password request should not recur!)
End Outlook.
Restart the XPhone Connect Server service.
This ensures that calendar synchronisation, Exchange contact folder and voicemail remote access work properly again.
The MAPI account must be a full domain account with its own inbox on the Exchange Server.
Attention
The MAPIAccount must not be a member of the Domain Admins, Exchange Servers, Organisation Admins or Exchange Organisation Administrators groups.
Full access permissions (FullAccess) to all Exchange inboxes must now be given to this MAPI account. This is achieved by allocating the Receive-As right for the MAPI account on all Exchange databases.
In Exchange Server, rights are allocated in the Exchange management shell, a special command line interface for the Exchange Server. For the MAPI account to receive full access rights to all of the database mailboxes, the Send-As and Receive-As authorisations must be allocated:
Get-Mailboxdatabase | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As -User "<MAPIAccount>" | ft identity,user,extendedrights,accessrights,deny,isinherited
The preceding “Get-Mailboxdatabase” command means that the names of all databases in the Exchange organisation are automatically transferred to the subsequent Add-ADPermission command. This way, you do not need to explicitly state the option -Identity for each individual database.
The result of the command is a list of all databases with all rights assigned for the MAPI account in this format:
Identity  User           ExtendedRights  AccessRights     Deny   IsInherited
--------  ----           --------------  ------------     ----   -----------
DB_NAME   <MAPIAccount>  {Receive-As}    {ExtendedRight}  False  False
DB_NAME   <MAPIAccount>  {Send-As}       {ExtendedRight}  False  False
To check randomly if the MAPI account has full access rights to the inbox of a certain Exchange user, use the following command:
Get-MailboxPermission -Identity "<ExchangeUser>" -User "<MAPIAccount>"
The output will then be in this format (important here: AccessRights = {FullAccess}):
Identity        User           AccessRights  IsInherited  Deny
--------        ----           ------------  -----------  ----
<ExchangeUser>  <MAPIAccount>  {FullAccess}  True         False
To remove special authorisations of the MAPI account from all Exchange databases, use this command:
Get-Mailboxdatabase | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As -User "<MAPIAccount>"
If there are multiple Exchange Servers in the domain, the command described above can be executed on all Exchange servers by using the command to list all Exchange Servers as prefix:
Get-ExchangeServer | ...
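Since the MAPI account can read and send as every mailbox, its group memberships and the databases on which it holds Receive-As and Send-As should be reviewed regularly. The following is an added example, not part of the vendor documentation; it checks the account against the groups named in the Attention note and reports the rights per database. The account name, the domain name EXAMPLE and the availability of the ActiveDirectory module are assumptions.

```powershell
# Added example (not vendor code). Run in the Exchange Management Shell on a host
# that also has the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with your own values.
$MapiSam = 'MAPIAccount'   # sAMAccountName of the service account
$NetBios = 'EXAMPLE'       # NetBIOS name of the Active Directory domain
# Group names as listed in the Attention note; adjust to the names used in your directory.
$Forbidden = 'Domain Admins', 'Exchange Servers', 'Organisation Admins',
             'Exchange Organisation Administrators'

function Get-MapiAccountAudit {
    param(
        [Parameter(Mandatory)][string]$Sam,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string[]]$ForbiddenGroups
    )

    # Direct group memberships only; nested membership is not resolved here.
    $groups = @(Get-ADPrincipalGroupMembership -Identity $Sam |
                Select-Object -ExpandProperty Name)
    foreach ($g in $groups | Where-Object { $ForbiddenGroups -contains $_ }) {
        [pscustomobject]@{
            Check   = 'GroupMembership'
            Target  = $g
            Finding = 'Account is a member of a group it must not belong to'
        }
    }

    # One row per mailbox database with the extended rights actually granted.
    foreach ($db in Get-MailboxDatabase) {
        $granted = @(Get-ADPermission -Identity $db.DistinguishedName -User "$Domain\$Sam" |
            Where-Object { -not $_.Deny -and $_.ExtendedRights } |
            ForEach-Object { $_.ExtendedRights } |
            ForEach-Object { "$_" })

        [pscustomobject]@{
            Check   = 'DatabaseRights'
            Target  = $db.Name
            Finding = 'Receive-As={0}; Send-As={1}' -f
                      ($granted -contains 'Receive-As'), ($granted -contains 'Send-As')
        }
    }
}

Get-MapiAccountAudit -Sam $MapiSam -Domain $NetBios -ForbiddenGroups $Forbidden |
    Format-Table -AutoSize -Wrap
```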
Exchange 2016 / 2019
MAPI connection to the Exchange 2016 / 2019 server requires the installation of Microsoft Outlook 2016 (32-bit) / 2019 (32-bit) on the XPhone Connect server. The following procedure is recommended:
Only if migrating from Exchange 2013 or older to Exchange 2016 / 2019:
Delete all data sources of type private or public Outlook contact folders in the Connect Directory
In the file atlas.xml, which is located in the installation directory of the XPhone Connect Server, the setting RoHFlagsUseRoH must be set to off:
<Exchange>
  <mapi>
    <RoHFlagsUseRoH>off</RoHFlagsUseRoH>
  </mapi>
</Exchange>
Stop the XPhone Connect Servers service
Uninstall Messaging API and Collaboration Data Objects 1.2.1 from Control Panel > Programs and Features
Uninstall any existing Microsoft Office 2013 or older on the server
Connection to Exchange 2016 / 2019
Install Microsoft Office 2016 / 2019 (32-bit) with the components Outlook and, as required, Word, Excel and PowerPoint. Only Outlook is required for MAPI connectivity; the other applications support server-side rendering of fax documents. It must be ensured that no other Office version is installed!
Check that Microsoft Outlook is set as the Default email client.
Interactive Windows logon must be permitted on the XPhone Connect Server computer for the service account of the XPhone Connect Server. The XPhone Connect Server service account must first be set up in the Active Directory and given sufficient rights in the Exchange Server (see “MAPIAccount” for XPhone Connect services).
Start Outlook 2016/2019 (32-bit) and set up a standard MAPI profile. The cache mode of Outlook must be switched off!
The newly created profile must be set as Default Outlook Profile.
To check the permissions, it is recommended to open the mailbox of another user. Note: It is essential to use another non-critical test account for this purpose to prevent unauthorized access to user mailboxes! In addition, access to public Exchange folders should be checked (if available). Especially the access to the contact folder is important.
Install or update the XPhone Connect Server.
Change the XPhone Connect Server service account to the MAPI account in the XPhone Connect Server Manager and restart the XPhone Connect Server service via the XPhone Connect Server Manager
Existing data sources created for older Exchange Servers cannot be used for Exchange 2016 / 2019. All data sources of type private or public Outlook contact folders in the Connect Directory may need to be recreated. To do this, use a new name for the data source.
MAPI troubleshooting
You can find up-to-date notes on troubleshooting MAPI problems with XPhone Connect on the C4B support pages: MAPI-Quiz
Exchange Mailbox Store Limits
Symptoms
MAPI clients report the MAPI_E_FAILONEPROVIDER (0x8004011D) error. The Exchange Server event log has the corresponding warnings or errors:
Source: MSExchangeIS, Mapi session "…./cn=<MAPIAccount>" exceeded the maximum of 32 objects of type "session"
Explanation
Each Exchange mailbox server limits the maximum number of MAPI sessions to 32 per user. Microsoft introduced this limit to protect the Exchange Server from incorrectly programmed MAPI clients or attacks. The XPhone Connect Server service runs under a domain account with full access rights to all Exchange inboxes (MAPIAccount) so that:
the XPhone Connect Directory can access public and private Outlook calendar folders.
server-side calendar synchronisation with Exchange works for presence control.
the voicemail system can access the voicemail messages saved on the Exchange Server.
Depending on the configuration of the XPhone Connect Server, the MAPI account requires more than 32 simultaneous MAPI sessions on the Exchange Server. The following formula indicates the approximate demand:
Number of MAPI sessions for the MAPIAccount = N * 5 * (O + P)
O: Number of public Outlook data sources in the XPhone Connect Directory
P: Number of private Outlook data sources in the XPhone Connect Directory (usually 1 or 0)
N: Number of XPhone Connect Servers running simultaneously under the MAPIAccount
With 6 public Outlook data sources and one private one, the limit can already be exceeded: 1 * 5 * (6 + 1) = 35.
Solution for Exchange 2016 and 2019
On an Exchange Server 2016, the limit for the permissible MAPI sessions is raised using a so-called “Throttling Policy”. A new policy is generated first, which is then assigned to the MAPI account.
To do this, open the Exchange administration shell, a special command line interface for the Exchange Server, and enter the following commands:
New-ThrottlingPolicy NoThrottlingPolicy
Set-ThrottlingPolicy NoThrottlingPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Set-Mailbox "User Name" -ThrottlingPolicy NoThrottlingPolicy
Afterwards, the “Microsoft Exchange Information Store” service needs to be restarted. The mailboxes are not available during the restart.
You can check if the setup was successful with this command:
Get-Mailbox -Identity "<MAPIAccount>" | fl
All attributes of the specified identity are listed, amongst others the newly added XPhoneServerThrottlingPolicy.
Or, to list all accounts:
Get-ThrottlingPolicyAssociation | more
If this measure is unsuccessful, the following key has to be set in the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"Maximum Allowed Sessions Per User"=dword:00000080
(in this case, 128 sessions are permitted -> 80 in hexadecimal)
The value must be high enough as to enable the Exchange Server to allocate a sufficient number of sessions for the user under which the XPhone Connect Server is running.
This change must be made on each Exchange mailbox server within a Database Availability Group (DAG). Otherwise, inconsistent performance can be the result.